EPA Privacy Act System of Records Modification, Comment by May 18

Content

ACTION:

Notice of a modified system of records.

SUMMARY:

The U.S. Environmental Protection Agency's (EPA or Agency) Office of Finance and Administration is giving notice that it proposes
to modify a system of records pursuant to the provisions of the Privacy Act of 1974. Compass records and tracks accounts receivable
to help the Agency collect debts owed; records and tracks accounts payable for authorized travel and other services; supports
tracking and execution of the Agency's budget; and provides reporting across these activities. The modification is to add
a new routine use as required by Executive Order 14249 and Office of Management and Budget (OMB) Memorandum M-25-32. The notice
also updates the contact information for the Agency Privacy Officer.

DATES:

This action will become effect on April 16, 2026. The routine uses in this action will become effective May 18, 2026, unless
the EPA makes changes based on comments received. Written comments should be submitted on or before May 18, 2026.

Persons wishing to comment on this system of records notice must do so by May 18, 2026.

ADDRESSES:

Submit your comments, identified by Docket ID No. EPA-HQ-OFA-2026-1882, by one of the following methods:

Federal eRulemaking Portal: https://www.regulations.gov. Follow the online instructions for submitting comments.

Email: docket_oms@epa.gov. Include the Docket ID number in the subject line of the message.

Fax: 202-566-1752.

Mail: OMS Docket, Environmental Protection Agency, Mail Code: 2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.

Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are only
accepted during the Docket's normal hours of operation, and special arrangements should be made for deliveries of boxed information.

Instructions: Direct your comments to Docket ID No. EPA-HQ-OFA-2026-1882. The EPA policy is that all comments received will be included
in the public docket without change and may be made available online at https://www.regulations.gov, including any personal information provided, unless the comment includes information claimed to be Controlled Unclassified
Information (CUI) or other information for which disclosure is restricted by statute. Do not submit information that you consider
to be CUI or otherwise protected through https://www.regulations.gov. The https://www.regulations.gov website is an “anonymous access” system for EPA, which means the EPA will not know your identity or contact information unless
you provide it in the body of your comment. Each agency determines submission requirements within their own internal processes
and standards. EPA has no requirement to include personal information. If you send an email comment directly to the EPA without
going through https://www.regulations.gov your email address will be automatically captured and included as part of the comment that is placed in the public docket
and made available on the internet. If you submit an electronic comment, the EPA recommends that you include your name and
other contact information in the body of your comment. If the EPA cannot read your comment due to technical difficulties and
cannot contact you for clarification, the EPA may not be able to consider your comment. Electronic files should avoid the
use of special characters, any form of encryption, and be free of any defects or viruses. For additional information about
the EPA public docket, visit the EPA Docket Center homepage at https://www.epa.gov/dockets.

Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some information is not publicly available, e.g., CUI or other information for which disclosure is restricted by statute. Certain other material, such as copyrighted material,
will be publicly available only in hard copy. Publicly available docket materials are available either electronically in https://www.regulations.gov or in hard copy at the OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington. DC 20460.

We encourage the public to submit comments via https://www.regulations.gov or email, as there may be a delay in processing mail and faxes. Hand deliveries and couriers may be received by scheduled
appointment only. For further information on EPA Docket Center services and the current status, please visit us online at https://www.epa.gov/dockets. The telephone number for the Public Reading Room is (202) 566-1744, and the telephone number for the OMS Docket is (202)
566-1752.

FOR FURTHER INFORMATION CONTACT:

Please submit questions to Lee Kelly, Agency Privacy Act Officer, 1200 Pennsylvania Ave. NW, Washington, DC 20460; telephone
number: (202) 566-1197, email address: kelly.lee@epa.gov.

SUPPLEMENTARY INFORMATION:

EPA is modifying this system of records notice (SORN) to comply with Executive Order 14249 and OMB Memorandum M-25-32, which
require agencies to modify relevant SORNs to include a routine use that allows for the disclosure of records to the U.S. Department
of the Treasury for the purpose of identifying, preventing, or recouping fraud and improper payments. Additionally, EPA is
updating the contact information for the Agency Privacy Officer. This system of records is composed of an accounts receivable
module and travel and other accounts payable modules. The system contains personal identifying information such as names,
addresses, and Social Security numbers of people indebted to or owed money by EPA. The accounts receivable module contains
information about the nature of the debt or claim, the amount owed, the historical status of the debt, and information that
relates to and documents efforts to collect debts owed the Agency. The travel and other accounts payable modules contain information
about the travel authorization; travel vouchers, which support the claim for the reimbursement to the travel; travel advance
authorizations, which provide fund advances to pay travel expenses incurred in the performance of official government business;
and finally itemized invoices for other services performed for EPA. In both modules, banking information necessary to support
electronic funds transfers may be maintained.

SYSTEM NAME AND NUMBER:

Compass Financials IT System, EPA-29.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

National Computer Center, Environmental Protection Agency, Research Triangle Park, North Carolina 27711; other EPA offices.

SYSTEM MANAGER(S):

Controller, Office of Financial Operations and Management, Environmental Protection Agency, William Jefferson Clinton Building,
1200 Pennsylvania Avenue NW, Washington, DC 20460.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

OMB Circular A-127; Chief Financial Officers Act of 1990, Public Law 101-576; Federal Managers Financial Integrity Act of
1982, Public Law 97-255 (31 U.S.C. 3512 et seq.); 31 U.S.C. Chapter 11.

PURPOSE(S) OF THE SYSTEM:

Records in the accounts receivable module is used primarily to create a record of, and track, all accounts receivable and
to assist the EPA in collecting debts owed the Agency. Records in the travel and other accounts payable modules are used primarily
to create a record of and to track all monies owed by the EPA for authorized travel and for other services performed for the
EPA. Tracks and executes the Agency's budget. The system provides reporting in all areas listed above.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who owe monies to and individuals who are owed monies from the Environmental Protection Agency are covered by
the system. This includes, but is not limited to, individuals who owe monies to the EPA for refunds, penalties, travel advances,
Interagency Agreements, or Freedom of Information Act Requests. This system also contains information on corporations and
other entities that are in debt to the EPA. This system also includes monies owed by the EPA to Agency employees, consultants,
private citizens, and others who travel or perform other services for the EPA.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system of records is composed of an accounts receivable module, travel, other accounts payable modules and reporting.
The system contains personal identifying information such as names, addresses, and Social Security numbers

  of persons indebted to or owed money by the EPA. The accounts receivable module contain information about the nature of the
  debt or claim, the amount owed, the historical status of the debt, and information that relates to and documents efforts to
  collect debts owed the Agency. The travel and other accounts payable modules contain information about the travel authorization;
  travel vouchers, which support the claim for the reimbursement to the travel; travel advance authorizations, which provide
  fund advances to pay travel expenses incurred in the performance of official government business; and itemized invoices for
  other services performed for the EPA. In both modules, banking information necessary to support electronic funds transfers
  may be maintained.

RECORD SOURCE CATEGORIES:

Record subjects, supervisors, consumer reporting agencies, debt collection agencies, the Department of the Treasury and other
Federal agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

General routine uses D, E, F, G, K and L apply to this system. Records may also be disclosed:

1. To the Department of Treasury for Purpose of carrying out the EPA's financial management functions and responsibilities.
   This refers to the routine, system-driven processes that enable core financial management activities, such as payment processing,
   financial reporting, reconciliations, and other operational transactions necessary to support the agency's financial operations.
   Another use for Treasury is to identify and prevent payment errors, waste, fraud, and abuse within federal spending.

2. To disclose limited debtor information to debt collection agencies under contract with the EPA solely for the purpose of
   collecting debts owed to the Agency. For this routine use, “debtor information” is limited to the individual's name, address,
   Social Security number, and other information necessary to identify the individual; the amount, status, and history of the
   claim; and the agency or program under which the claim arose. Debt collection agencies must comply with the Privacy Act, and
   their agents are subject to the Act's criminal penalty provisions.

3. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility
   through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant
   for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District
   of Columbia, a territory or possession of the United States, or a federally recognized Indian Tribe) in a state-administered,
   federally funded program.

Disclosure to Consumer Reporting Agencies

Pursuant to 5 U.S.C. 552a(b)(12), disclosure may be made to a consumer reporting agency as defined in the Fair Credit Reporting
Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(30)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The Compass Momentum component stores records on a storage area network (SAN), located at Research Triangle Park, North Carolina.
Backup tapes are maintained at a disaster recovery site. The Compass Data Warehouse also stores data on a SAN, located at
Research Triangle Park, North Carolina.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Accounts receivable module records are indexed by account receivable control number (a number assigned to each “incoming”
account receivable). Individual records can be accessed by using a cross-reference table which links accounts receivable control
numbers with the debtor's name and records. Travel and other accounts payable module records are retrievable by name and social
security number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained for 6 years and 3 months after final payment, in accordance with applicable federal records schedules.
They are deleted when applicable records schedules allow and when no longer needed for agency business, unless related to
the Superfund program cost recovery efforts. In accordance with applicable federal records schedules, Superfund cost recovery
records are maintained more than 30 years after the completion of cost recovery at the site. The Records Control Schedule
is #054.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Security controls used to protect personally identifiable information in Compass Financials IT are commensurate with those
required for an information system rated moderate for confidentiality, integrity, and availability, as prescribed in NIST
Special Publication, 800-53, “Security and Privacy Controls for Information Systems and Organizations,” Revision 5.

1. Administrative Safeguards: EPA personnel are required to complete annual agency Information Security and Privacy training. EPA personnel are instructed
to lock their computers when they leave their desks.

2. Technical Safeguards: Electronic records are maintained in a secure, password protected electronic system. Compass Financials IT System access is
limited to authorized, authenticated users. All of the system's electronic communication utilizes Transport Layer Security
(TLS) secure communication protocol for all transactions.

3. Physical Safeguards: All records are maintained in secure, access-controlled areas or buildings.

RECORD ACCESS PROCEDURES:

All requests for access to personal records should cite the Privacy Act of 1974 and reference the type of request being made
(i.e., access). Requests must include: (1) the name and signature of the individual making the request; (2) the name of the Privacy
Act system of records to which the request relates; (3) a statement whether a personal inspection of the records or a copy
of them by mail is desired; and (4) proof of identity. A full description of EPA's Privacy Act procedures for requesting access
to records is included in EPA's Privacy Act regulations at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:

Requests for correction or amendment must include: (1) the name and signature of the individual making the request; (2) the
name of the Privacy Act system of records to which the request relates; (3) a description of the information sought to be
corrected or amended and the specific reasons for the correction or amendment; and (4) proof of identity. A full description
of EPA's Privacy Act procedures for the correction or amendment of a record is included in EPA's Privacy Act regulations at
40 CFR part 16.

NOTIFICATION PROCEDURES:

Individuals who wish to be informed whether a Privacy Act system of records maintained by EPA contains any record pertaining
to them, should make a written request to EPA, Attn: Agency Privacy Officer, MC 2810A, 1200 Pennsylvania Ave. NW, Washington,
DC 20460, privacy@epa.gov, or submit their request online at https://epabap.my.site.com/privacy/s/. A full

  description of EPA's Privacy Act procedures is included in EPA's Privacy Act regulations at 40 CFR part 16.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

History: N/A.

FRL-7145-7-posted on February 22, 2002: The EPA provided notice that it proposed to establish a new system of records, the EPA Travel, Other Accounts Payable, and
Accounts Receivable Files.

Carter Farmer, Senior Agency Official for Privacy. [FR Doc. 2026-07406 Filed 4-15-26; 8:45 am] BILLING CODE 6560-50-P

Download File

Download