An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to www.epa.gov. This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Related Topics:
Contact Us

Privacy Impact Assessment for the Contract Payment System

On this page:

I. Data in the System

  1. Generally describe what data/information will be collected in the system.

    CPS collects name, address, SSN, TIN and contract related information.

  2. What are the sources and types of the information in the system?

    The sources of information within CPS are vendor contracts, delivery orders and invoices. This data is used to support the processing of contract related documentation (Obligations, Invoices...). This information is entered into CPS via direct data entry, based on specific details on the contracts, delivery orders and invoices. This information includes the vendor name, address, SSN/TIN and other contract related information.

  3. How will the data be used by the Agency?

    The data collected is used to support the processing of contract related documentation (Obligations, Invoices...).

  4. Why is the information being collected? (Purpose)

    The data collected is used to support the processing of contract related documentation (Obligations, Invoices...).

Top of Page

II. Access to the Data

  1. Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?

    Only EPA personnel and SEE employees, who have a need and are authorized, can access the CPS data. We do not allow the public or outside parties to access CPS.

  2. What controls are in place to prevent the misuse of data by those having authorized access?

    User access to the data is restricted based on the user's role in CPS. The CPS coordinator in the Program Offices determines the level of access needed to the data for each user. Access is limited to those staff members that currently review, approve, fund and process contract related documentation. This is covered in the Comptroller Policy Announcement PA02-03 located at http://intranet.epa.gov/ocfo/policies/policy/pa02-03.pdf. This Policy is supplemented by CPS's rules of behavior.

  3. Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)

    Fully routed CPS documents are interfaced electronically into the Integrated Financial Management System (IFMS). There is no direct exchange of data between CPS and IFMS. The transfer jobs run under a batch-only user-id. This mirrors the way these documents are manually entered into IFMS. Our Memorandum of Understanding with the interfacing system establishes who is responsible for protecting the privacy rights of individuals. We have identified the system administrator as being responsible for ensuring the privacy rights of individuals are protected as well as all users of the system.

  4. Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)

    No.

  5. Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)

    No.

Top of Page

III. Attributes of the Data

  1. Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.

    The data is both relevant and necessary to allow us to make proper payments to agency vendors.

  2. If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.

    There is no direct exchange of data between CPS and IFMS. The transfer jobs run under a batch-only user-id. A Memorandum of Understanding has been established between CPS and IFMS.

  3. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

    There is no direct exchange of data between CPS and IFMS. The transfer jobs run under a batch-only user-id. A Memorandum of Understanding has been established between CPS and IFMS.

  4. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)

    CPS documentation is prepared for a specific contract. Documents can be selected based upon the vendor's name or the contract number.

  5. What achievements of goals for machine readability have been incorporated into this system? Where is the policy stated? (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)

    N/A

Top of Page

IV. Maintenance of Administrative Controls

  1. Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)

    Currently, there are no plans to eliminate CPS data.

  2. While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

    Currently, there are no plans to eliminate CPS data.

  3. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

    No.

  4. Does the system use any persistent tracking technologies?

    Within CPS we can identify changes made to contract related documentation. Each time a CPS user modifies contract related documentation an additional layer of the document is stored. This allows tracking of each instance where documents were modified.

  5. Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)

    CPS operates under the System of Records notice EPA-29, Travel, Other Accounts Payable and Accounts Receivable Files.

Top of Page

Contact Us to ask a question, provide feedback, or report a problem.