Privacy Requirements
The Privacy Act of 1974 (5 U.S.C. § 552a) mandates how federal agencies maintain records about individuals. Per OMB Circular A-130, Personally Identifiable Information (PII) is "information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual."
EPA systems/applications that collect PII must comply with EPA's Privacy Policy and procedures to guard against unauthorized disclosure or misuse of PII in all forms. These include, but are not limited to, the following Information Directives:
- Privacy Act Statement – Systems/applications that collect privacy information from individuals must provide a Privacy Act Statement. This statement informs individuals of the types of information being collected, why it is being collected, and how it is used.
- System of Records Notice (SORN) – Systems/applications that store or retrieve information by name or personal identifier must publish a System of Records Notice (SORN) in the Federal Register explaining the existence, character, and uses of a new or revised System of Record (SOR), which is covered by the Privacy Act.
Ensuring compliance with EPA privacy policies/procedures is usually the responsibility of the federal project lead. For more information on EPA's implementation of the Privacy Act, refer to EPA's Privacy site and EPA's Privacy-related Information Directives.