TREASURY DIRECTIVE: 25-06
DATE: January 16, 2009
SUBJECT: The Treasury Data
Integrity Board
1. PURPOSE. This directive establishes a Department of
the Treasury Data Integrity Board (hereafter referred to as the
"Board") pursuant to the Computer Matching and Privacy Protection Act
of 1988 (Pub. L.100-503). It also sets
forth the policy and procedures to be implemented by the Board.
2. SCOPE. This directive applies to all
bureaus, offices, and organizations in the Department of the Treasury that have or propose to engage in
matching programs subject to the Computer Matching and Privacy Protection Act
(hereafter referred to as the "Computer Matching Act"). The authority of the Inspectors General
is set forth in Section 3, of the Inspector General Act and the Internal
Revenue Service Restructuring and Reform Act, and defined in Treasury Order
114-01 (OIG) and Treasury Order 115-01 (TIGTA), or successor orders. The provisions of the Directive shall not be
construed to interfere with that authority.
3. POLICY. It is the policy of the Department of the
Treasury that:
a. the Board shall provide Departmental
oversight and coordinate the implementation of the Computer Matching Act within
the Department; and
b. all bureaus that conduct matching programs
covered by the Computer Matching Act shall:
1) develop matching agreements approved by both
source and recipient agencies; and
2) submit such agreements to the Board for
approval at least 60 days before the date the match is to be conducted.
4. BACKGROUND. The Computer Matching Act amends the Privacy
Act of 1974 (hereafter referred to as the "Privacy Act") to establish
procedural safeguards regarding the use of Privacy Act records by Federal
agencies for certain types of computerized matching programs. Each Federal agency that acts as either a
source or recipient in a matching program is required to establish a Board to
oversee the agency's participation.
5. DEFINITIONS. Since the Computer Matching Act is an
amendment of the Privacy Act of 1974, the provisions of the Computer Matching
Act should be read within the context of the Privacy Act. All the terms defined in the Privacy Act, 5
USC 552a(a)(8)-(13), apply.
6. TREASURY
DATA INTEGRITY BOARD. The Board
is responsible for oversight and coordination of computer matching programs
covered by the Computer Matching Act within the Department. The membership of the Board consists of
senior executive officials designated by the Department and Bureau Heads. The senior executive officials are designated
from Departmental Offices and the bureaus. The Board may delegate
responsibilities such as compiling reports, advising program officials, and
maintaining and distributing information about the accuracy and reliability of
data used in matching. The approval of
matching agreements may not be delegated.
The Attachment describes the operational procedures of the Board. The principal responsibilities of the Data
Integrity Board are listed below.
a. Review, approve, and maintain all written
agreements for receipt or disclosure of Department records for matching
programs to ensure compliance with all relevant statutes, regulations, and
guidelines.
b. Review all matching programs in which
Treasury has participated during the year, either as a source agency or
recipient agency; determine compliance with applicable laws, regulations,
guidelines, and Department agreements; and assess the costs and program
benefits.
c. Review all recurring matching programs in
which Treasury has participated during the year, either as a source agency or
recipient agency, for continued justification for such disclosures.
d. Serve as a clearinghouse for receiving and
providing information on the accuracy, completeness, and reliability of records
used in matching programs.
e. Review all requests for pilot matches.
Approve or disapprove such requests based upon the assessment of the supporting
documentation.
f. Review and approve written requests for a
waiver of the cost-benefit analysis for initial statutorily mandated matches.
g. Provide interpretation and guidance to
Treasury components and personnel on the requirements for matching programs and
privacy protection.
h. Review Treasury recordkeeping and disposal
policies and practices for matching programs to assure compliance with the
requirements for matching programs and privacy protection.
i. May review and report on any Treasury
matching activities that are not matching programs.
j. All decisions of the Board shall be
well-documented. The Board must find
that agreements conform to the provisions of the Computer Matching Act and
appropriate guidelines, regulations, and statutes.
7. RESPONSIBILITIES.
a. The Chief Information Officer, the
Inspector General, and the Treasury Inspector General for Tax Administration
shall serve as mandatory members of the Board, as required by the Computer
Matching Act.
b. Heads of Bureaus, the Inspector General,
the Treasury Inspector General for Tax Administration, and the Assistant
Secretary for Management and Chief Financial Officer for Departmental Offices,
as it relates to their respective bureaus and offices, shall:
1) establish internal bureau procedures to
ensure the effectiveness of the Computer Matching Act Program. The procedures shall be consistent with:
(a) Office of Management and Budget (OMB)
Matching Guidelines;
(b) OMB Circular A-130;
(c) the Privacy Act of 1974, as amended; and
(d) OMB Bulletin 89-22;
2) ensure that employees responsible in any part
for matching activities are knowledgeable about the provisions and requirements
of the Computer Matching Act;
3) report new and ongoing matching activities to
the Board; and
4) submit the following information, as
required, to the Board:
(a) data for OMB's Biennial Matching Activity
Report to Congress; and
(b) a report on the
review of each ongoing matching program in which the component has participated
during the year, either as a source or as a matching agency.
c. The Director, Information Management, of
the Office of the Chief Information Officer shall provide the day-to-day
operational support for the Board and shall:
1) validate that matching agreements are posted
to the DIB Share Point Portal and notify
Board members;
2) ensure
that components address a Board member’s disapproval of a matching agreement or
non-concurrence;
3) provide a summary of Board members'
recommendations to the Chairperson for final approval or disapproval;
4) maintain the official files on
correspondence, OMB guidelines, procedures, and any other documentation
pertinent to the Board and its activities;
5) prepare correspondence, reports, schedules,
plans, and procedures as necessary for the Board to oversee and coordinate
computer matching and privacy protection activities within the Department;
6) provide
critical review and analysis of issues and problems impacting computer matching
and privacy protection activities within Treasury; and
7) advise the Board on the operational
implications of policy decisions made necessary by congressional, OMB, and/or
Board action.
8) annually
collect data required by the Computer Matching Act summarizing each year’s
computer matching activity, and submit a report to the Secretary and OMB on
those activities every two years as required by OMB Circular A-130, Appendix 1,
which will be made available to the public on request. The report shall
describe:
(a) the matching activities Treasury has
participated in as a source or recipient agency;
(b) matching agreements disapproved by the Board;
(c) any changes in Board membership or structure
during the preceding year;
(d) the reasons for any waiver of the requirements
of the Computer Matching Act;
(e) any violations of matching agreements and
corrective action taken; and
(f) any other information required by the Director
of OMB to be included in such report.
d. The Departmental Privacy Act Officer
shall:
1) serve as a permanent member and the Secretary
to the Board;
2) provide policy guidance and direction on
privacy protection matters as they relate to computer matching and the implementation
of those portions of the Computer Matching Act that deal with the protection of
the rights of individuals;
3) maintain the minutes of Board meeting; and
4) review and publish notices of matching
programs.
8. REQUIREMENTS. Treasury components undertaking matching
programs covered by the Computer Matching Act need to make sure they comply
with requirements set forth in the guidance from OMB published in the Federal
Register on June 19, 1989, and also with applicable laws, particularly the Privacy
Act, 5 USC 552a.
a. Comply with Privacy Act systems of records
and disclosure provisions.
b. Provide prior notice to record subjects.
c. Publish matching notices as required.
d. Prepare and execute matching agreements.
e. Obtain approval by the Board of all matching
agreements.
f. Submit reports to OMB and Congress.
g. Provide due process to matching subjects.
9. REVIEW
OF MATCHING PROGRAMS. Components
submitting matching agreements for the Board's approval shall send a memorandum
to the Director, Information Management that states the purpose of the matching
agreement and provides a summary of revisions, if applicable. This memorandum should be prepared by the
component function designated as the liaison to the Board. Components are responsible for:
a. posting matching agreement on the Data
Integrity Board (DIB) Share Point Portal;
b. submitting notices of the establishment, or
alteration, of matching programs to the Departmental Privacy Act Officer for
publication in the Federal Register at least 60 days before conducting a match;
and
c. transmitting the matching program report and
supporting documentation to the Senate Committee on Governmental Affairs and to
the House Committee on Government Reform and Oversight and to OMB at least 40
days prior to the initiation of matching activity.
10. APPEALS
OF DENIALS OF MATCHING AGREEMENTS.
a. Disapproval by the Board. If the Board disapproves a matching
agreement, a party to the agreement may appeal the disapproval to the Director,
OMB,
1) copies of all documentation accompanying the
initial matching agreement proposal;
2) a copy of the Board's disapproval and reasons
therefore;
3) evidence supporting the cost effectiveness of
the match; and
4) other relevant information, i.e., timing
considerations, public interest served by the match, etc.
b. OMB Approval. A matching program approved by OMB in
response to such appeal will not become effective until 30 days after the
Director, OMB, reports the decision to Congress.
c. Recourse by the Inspector General or the
Treasury Inspector General for Tax Administration. If the Board and the Director, OMB, both
disapprove a matching program proposed by the Inspector General of the agency
or the Treasury Inspector General for Tax Administration, the Inspector General
or the Treasury Inspector General for Tax Administration may report that
disapproval to the head of the agency and to the Congress.
11. COST-BENEFIT
ANALYSIS. Components proposing
matching programs must provide the Board with all information that is relevant
and necessary to allow the Board to make an informed decision, including a
cost-benefit analysis. Statutorily
mandated matches need not demonstrate a positive dollar cost-benefit analysis. The Board may waive the cost-benefit analysis
requirement if the determination to waive the requirement is made in
writing. In most instances, the Board
will approve matching only if the cost-benefit analysis demonstrates that
matching is likely to be cost effective.
12. AUTHORITIES.
a. The Computer Matching and Privacy Protection
Act of 1988, as amended, (Pub. L. 100-503).
b. The Privacy Act of 1974, as amended, 5 USC
552a.
c. OMB Circular A-130, Revised, Transmittal
Memorandum 1, "Management of Federal Information Resources," Appendix
I.
d. OMB Bulletin 89-22, "Instructions on
Reporting Computer Matching Programs to the Office of Management and Budget
(OMB), Congress and the Public".
e. OMB Final Guidance Interpreting the
Provisions of Public Law 100-503, the Computer Matching and Privacy Protection
Act of 1988.
f. OMB Guidelines on the Administration of the
Privacy Act of 1974.
13. CANCELLATION. Treasury Directive 25-06, "The Treasury
Data Integrity Board," dated June 22, 2001, is superseded.
14. OFFICES
OF PRIMARY INTEREST. Office of
the Deputy Assistant Secretary for
Information Systems and Chief Information Officer, Office of the
Assistant Secretary for Management and Chief Financial Officer.
/S/
Peter B. McCarthy
Assistant Secretary for Management
and Chief Financial
Officer
Attachment