Skip Navigation
Official website of the United States Government U.S. Department of the Treasury
Bureau of the Fiscal Service Home
Do Not Pay

Privacy Program

In January 2013, the President signed the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) into law, codifying ongoing efforts to develop and enhance steps taken by the Federal Government to prevent, waste, fraud, and abuse in Federal spending.

In August 2013, the Office of Management and Budget (OMB) released Memorandum M-13-20 to ensure that individual privacy is fully protected while reducing improper payments with the Do Not Pay (DNP) Initiative. Additionally, DNP complies with the Privacy Act of 1974 and other laws pertaining to the use, maintenance, and disclosure of records.

System of Records Notices (SORNs)

A system of records is defined by the Privacy Act of 1974 as “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”

Rules exempting systems of records from certain Privacy Act requirements are in 28 CFR Part 16, Subpart E. Below is a listing of systems of records maintained by DNP and original source agencies that are subject to the Privacy Act of 1974.

  1. Credit Alert System (CAIVRS)– CAIVRS is comprised of data from the following agencies:

    1. Department of Education (Education)
    2. Department of Housing and Urban Development (HUD)

    3. Department of Justice (DOJ) - Debt Collection Enforcement System, JUSTICE/DOJ-016

    4. Small Business Administration (SBA) - SBA 21 -- Loan System and SBA 20-Disaster Loan Case File

    5. U.S. Department of Agriculture (USDA)

    6. Veterans Affairs (VA) - VA's Privacy Act System of Records, Compensation, Pension, Education, and Rehabilitation Records--VA (58VA21/22/28)

    Some agencies are currently in the process of confirming their applicable CAIVRS SORNs and routine uses that allow for disclosures to DNP. Links to those SORNs will be posted as they are identified.

  2. Treasury Offset Program (TOP) Debt Check of the Department of the Treasury - FMS .014 – Debt Collection Operations System

  3. SAM Entity Registration and Exclusion Records (referred to in IPERIA as Excluded Party List System) of the General Services Administration (GSA)

  4. List of Excluded Individuals & Entities of the Office of Inspector General of the Department of Health and Human Services (HHS) – Health Care Program Violations

  5. Treasury/Bureau of the Fiscal Service .023 – Do Not Pay Payment Verification Records

Variations between data source record retention schedules or other restrictions (e.g. routine uses) and the Treasury/Bureau of the Fiscal Service .023 SORN will be listed below.

On October 7, 2012, the Secretary of the Treasury issued Treasury Order 136–01, establishing within the Department of the Treasury the Bureau of the Fiscal Service (Fiscal Service). The new bureau consolidated the bureaus formerly known as the Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). On October 2, 2013, Fiscal Service published a final rule that changed references in 31 CFR Part 202-391 from “FMS” or “BPD” to "Fiscal Service."

Final Rule (October 2, 2013)

Computer Matching Agreements (CMAs)

A computer matching program is required by the Privacy Act for any computerized comparison of two or more automated systems of records, or a system of records with non-federal records, for the purpose of establishing or verifying eligibility or compliance as it relates to cash or in-kind assistance or payments under federal benefit programs.

Under to 5 U.S.C. § 552a(o), any record contained in a system of records may only be disclosed to a recipient agency or non-federal agency for use in a computer matching program pursuant to a CMA. DNP computer matching programs published in the Federal Register and other matching documentation are provided below:

DNP CMA with HHS Centers for Medicare & Medicaid Services (CMS)

DNP CMA with HUD

Data Correction Process

Improper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012 requires that DNP describe the data correction process on its website. Whenever an original source agency receives a request for correction of data, it may follow its existing process for handling such requests in accordance with applicable laws, regulations, or policies. The agency will promptly review the request and make a determination. If the agency determines that corrections are needed to data, the data will be corrected at both the original source agency and in the DNP portal to avoid discrepancies between two versions of the same dataset.

Please direct any requests to correct the original source agency's data to the corresponding original source agency. The data sources and corresponding agencies are listed below:

Table may scroll on smaller screens 

Data Source Contact Information Examples of Data Correction Request Triggers
Credit Alert System (CAIVRS) - DOJ

www.justice.gov/oip/submit-and-track-request-or-appeal

To submit a Privacy Act request to DOJ's Office of Information Policy (OIP), please submit your request by mail or fax to:

Office of Information Policy
Department of Justice
Suite 11050
1425 New York Avenue, N.W.
Washington, D.C. 20530-0001
Phone: (202) 514-3642 (FOIA)
Fax: (202) 514-1009
If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – HUD

If you are making a written request for data correction, letters should be addressed to:

Privacy Act Officer
Department of Housing and Urban Development
451 7th St. SW, CVB-4th Floor
Washington, DC 20410

Read More at HUD.gov

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – SBA

www.sba.gov/content/privacy-act-requests

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – USDA Rural Development (RD)

Phone: 800-428-9643
Email: rd.nfaoc.dcib@stl.usda.gov

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – VA

VA Privacy Service, 202-273-5070

www.oprm.va.gov/oprm/resources_oprm.aspx

If an individual is not a delinquent federal borrower.
GSA’s System for Award Management (SAM) – Entity Registration Records and Exclusion Records

The agency taking the exclusion action and that agency’s designated Exclusions Point of Contact.

SAM Customer Service: Federal Service Desk
866-606-8220
www.fsd.gov

If an individual is listed as debarred and that is not the case.
HHS OIG List of Excluded Individuals & Entities (LEIE)

HHS OIG External Affairs Office,
202-691-2311
sanction@oig.hhs.gov

If an entity should not be excluded from participating in federal health care programs.
SSA’s Death Master File (DMF)

The individual’s local social security office, which can be found at: secure.ssa.gov/ICON/main.jsp

If a payee is listed as deceased and that is not the case.
Treasury Offset Program (TOP) Debt Check

Creditor agencies or Treasury Offset Division (TOD) resulting from direct debtor communication.

TOP Help Desk: 800-304-3107

If an individual does not owe delinquent non-tax debts to the federal government (and participating States).

Privacy Impact Assessments

Section 208 of the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) for information technology (IT) systems or projects that collect, maintain or disseminate personally identifiable information (PII) from or about members of the public. A PIA is required for new systems or projects, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum M-03-22, (9/26/2003), contains guidance for conducting PIAs as well as procedures for processing and posting completed assessments. Below are links to individual PIAs relevant to DNP: Treasury’s Working System PIA

Destination Requests for New Data Sources

For OMB to consider adding a new government or commercial data source, Do Not Pay must submit to OMB a written assessment to document the suitability of the new data source. When considering additional data sources for designation, OMB will consider at a minimum:

  1. Statutory or other limitations on the use and sharing of specific data;
  2. Privacy restrictions and risks associated with specific data;
  3. Likelihood that the data will strengthen program integrity across programs and agencies;
  4. Benefits of streamlining access to the data through the central DNP Initiative;
  5. Costs associated with expanding or centralizing access, including modifications needed to system interfaces or other capabilities in order to make data accessible; and
  6. Other policy and stakeholder considerations, as appropriate. Before designating additional data sources, OMB will publish a 30-day notice of the designation proposal in the Federal Register asking for public comment. At the conclusion of the 30-day comment period, if OMB decides to finalize the designation, OMB will publish a notice in the Federal Register to officially designate the data source for inclusion in the DNP Initiative.

Last modified 11/13/18