United States Environmental Protection Agency Office of Enforcement and Compliance Assurance (2201A) EPA 300-N-99-010 SEPA Enforcement Alert Y2K: Is Your Facility Ready? Regulated Entities Have an Obligation to Prevent Hazardous Releases The U.S. Environmental Protection Agency (EPA) is encouraging regulated entities to take prompt and proper measures to prevent potential Year 2000 (Y2K) computer failures that may cause releases detrimental to hu- About Enforcement Alert "Enforcement Alert" L published periodically by the Office of Regulatory Enforcement to inform and educate the public and regulated community of important environmental enforcement issues, recent trends and significant enforcement actions. This information should helpthe regulated community anticipate and prevent violations of federal environmental law that could otherwise lead to enforcement action. See Page 4 for useful EPA Websites and additional resources. Eric V. Schaeffer Director, Office of Regulatory Enforcement Editor: Virginia Bueno (202) 564-8684 bueno.virginia@epamail.epa.gov Please email all address and name changes or subscription requests for this newsletter. man health and the environment. A number of federal environmental laws require regulated entities to be de- signed, operated, and maintained in a manner to prevent hazardous releases into the environment. Due to potential Y2K computer chip and programming problems, date-related failures could occur that may lead to the release of hazardous chemicals or other pollutants into the air, water and land. This issue of Enforcement Alert highlights: • Several laws that require the prevention of releases to the environ- ment; • Examples of potential Y2K problems; and • Recommended steps to avoid potential Y2K, environment or public health problems. In addition, this issue directs read- ers' attention to new legislation, H.R. 775, the "Y2K Act," which was signed by President William J. Clinton on July 20. This time-limited legislation is de- signed to establish certain procedures for civil actions brought for damages relating to Year 2000 computer failures. Finally in this issue, EPA highlights its new enforcement policy that is in- tended to encourage regulated entities to perform computer testing for poten- tial Y2K glitches. the of The Clean Air Act's (CAA) "Gen- eral Duty Clause," Section 112(r)(l), requires owners and operators of sta- Continued on page 2 Air Act 112(r) Accidental Release: An unanticipated emission of a regulated substance or other extremely hazardous substance (EHS). Listed Substances: List of chemical substances that pose the greatest risk of causing death, injury, or serious adverse effects to human health and the environ- ment including, but not limited to, the list of extremely hazardous substances (EHS) published under the Emergency Planning and Community Right-to-Know Act (EPCRA). Stationary Source: Buildings, structures, equipment installations or substance emitting stationary activities that belong to the same industrial group; are located on one or more contiguous properties; are under control of the same person (or persons under common control); and may have an accidental release. ------- Enforcement Alert Continued from page 1 tionary sources producing, processing, handling or storing listed substances or extremely hazardous substances ("regulated" substances) to: • Identify hazards that may re- sult from accidental releases using ap- propriate hazard assessment tech- niques; • Design and maintain a safe fa- cility, taking such steps as are neces- sary to prevent releases; and • Minimize the consequences of accidental releases that occur. This clause applies to any station- ary sources that handle any extremely hazardous substance regardless of the quantity on-site. The Resource Conservation and Recovery Act (RCRA) requires generators and owners and operators of hazardous waste treatment, storage and disposal facilities to maintain and operate their facilities to mini- mize the possibility of a fire, explosion, or any unplanned sudden or non-sudden release of hazardous waste or haz- ardous waste constitu- ents to air, soil, or sur- face water, which could threaten human health or the environment. 40 C.F.R. Sections 262.34(a)(4), 264.31 and 265.31. All Y2K computer failures that po- tentially could cause a fire, explosion, or unplanned sudden or non-sudden re- lease to the environment need to be ad- dressed by the hazardous waste gen- erators and treatment, storage and dis- posal (TSD) facilities. The Clean Water Act (CWA) states that the discharge of any pollutant with- out a permit or in violation of a permit is illegal; facilities that discharge to wa- ter must maintain compliance with their permits. The Safe Drinking Water Act (SDWA) sets standards for public wa- ter systems to assure safe drinking water for the American public. Water systems must maintain compliance with these standards. Y2K Y2K computer problems may oc- cur where embedded computer chips, and older operating system software and application programs may only read the last two digits of a date. As a re- sult, several critical future dates could be misread by the computer. Date-re- lated problems may affect computer clock mechanisms, operating systems, Sept. 9, 1999: Many computer systems use or are programmed to use 9/9/99 as a file purge date. munication systems and devices, emer- gency protection systems and equip- ment (e.g., fire and gas detectors, evacuation alarms, and fire alarms), and heating and cooling systems. Also, er- roneous information caused by Y2K problems may lead process operators to take unsafe and incorrect actions that can result in the accidental release of hazardous substances. If a number of systems are affected by Y2K problems, cascading failures can occur. In the drinking water and waste- water sector, Y2K issues could impact the ability of a Publicly Owned Treat- ment Works (POTW) to collect and treat sewage, potentially causing back- ups or overflows of raw sewage and creating a public health emergency. In drinking water systems, Y2K problems could limit drinking water facilities' abil- ity to provide an adequate quantity of water or to produce the ^^^^^_ quality of water pro- vided under normal op- erations. This water must meet EPA regula- tory requirements. Jan. 1,2000: Rollover of the date may halt, confuse or disrupt many systems and devices. Feb. 29, 2000: Many systems may fail to recognize 2000 as a leap year. Oct. 10, 2000: First occurrence that requires the use of eight digits. May cause failures. Dec. 31, 2000: Some systems using Julian dates may not recognize the 366th day of the Leap Year. software packages, libraries, tools and application software. In the chemical processing and manufacturing industries, Y2K issues could place workers, communities and the environment at risk. These risks could include unintended, complete shutdowns and malfunctions of auto- mated process machinery (e.g., valves and pumps), control room and telecom- Year 2000 problems must be promptly iden- tified and corrected be- fore they occur. Doing so now can signifi- cantly reduce the risk of safety failures, acciden- tal chemical or pollutant releases, and/ or drinking water or wastewater treat- ment system failures. This effort can also reduce potential liability for viola- tions of federal environmental laws. EPA recommends that the follow- ing steps be taken, at a minimum, to Continued on page 3 AUGUST 1999 ------- Enforcement Alert Continued from page 2 identify and remedy the Y2K problem: 1 Identify, check and list every sys- tem for date-sensitive logic con- trols. Focus efforts on software and equipment with embedded chips. Pri- oritize systems based on the likelihood of causing safety, health, and environ- mental releases. Review all process haz- ard analysis to be certain that Y2K de- pendent control systems, process equipment, and safety devices are in- ventoried and addressed. Proactive steps such as hiring an expert consult- ant may be wise if regulated entities are unable to identify and implement Y2K remedies in-house. It also is important that contingency plans be developed that allow for "business as usual." For example, publicly-owned water systems should review and amend their contin- gency plans to provide safe drinking water in emergency situations. 2 Remedy problems by repair- ing, modifying or replacing sys- tems, devices or equipment. If vital pro- cess control systems and equipment can not be adequately addressed, then consider operating the system in a manual override setting. Retrain person- nel if they are unfamiliar with the manual operations. Confirm that employees can shut down the process manually if nec- essary. 3 Test all embedded software to determine if they will be affected by the Year 2000 date change. Embed- ded software is software that perma- nently resides on some internal memory device (e.g., Central Processing Units, Basic Input Output Systems, device drivers, middleware, etc.) in a computer system or other machinery or equip- ment that is not removable in the ordi- nary course of operation and is of a type necessary for routine operation. Verify that the updated systems work properly for all potential failure dates. Due to potential Y2K programming to the of hazardous into the air, and land. 4 Establish and train workers on site-specific Y2K contingency plans in order to prepare for unantici- pated problems with process control systems. Contingency plans should not be dependent on backup systems and equipment that could also fail because of Y2K problems. Contingency plans should also address how systems can be manually operated. Most impor- tantly, advise employees to alert local emergency officials and the commu- nity of possible failures that may inad- vertently release hazardous sub- stances. 5 Coordinate contingency plan- ning with critical service provid- ers such as electric and gas utilities, medical and fire emergency response establishments, telecommunications companies, and transportation ser- vices. These services may be delayed or not arrive at all because of failures in non-Y2K compliant computers and chips in their systems. 6 If necessary, have extra staff available onsite for a number of hours just before and immediately af- ter critical date changes. Train staff in the contingency plans and in the manual operation of process controls with po- tential Y2K operational complications. ^J Conduct Y2K computer failure / scenarios to learn valuable lessons that can be used to improve emergency response, prevent communication fail- ures, and diagnose and correct equip- ment malfunctions. Contact Sounjay K. Gairola, Of- fice of Regulatory Enforcement, RCRA Enforcement Division, (202)564-4003,Email: gairola. sounjay@epamail. epa.gov or Leslie Oif, RCRA Enforcement Divi- sion, (2 02) 5 64 -2291; Email: oif.lesHe@epamail epa.gov. Policy' On July 20, President Clinton signed into law "The Y2K Act," which is intended to ensure that Y2K prob- lems do not disrupt commerce or cre- ate unnecessary caseloads in the courts. Most provisions do not apply to government enforcement actions. The Y2K Act establishes a "Y2K upset defense" for some federal law violations and provides civil penalty immunity for small businesses for some first-time violations. The Y2K upset defense and the civil penalty immunity expire after June 30, 2000 and Dec. 31,2000, respectively. In addition, re- lief is not available under either provi- sion if the violation causes actual or imminent harm. The Y2K upset defense applies to any temporary violations of federally enforceable monitoring and reporting Continued on page 4 AUGUST 1999 ------- xvEPA United Environmental Protection Agency Office of Regulatory Enforcement 2201A Washington, D.C. 20460 Bulk Rate Postage and Fees Paid EPA Permit No. G-35 Official Business Penalty for Private Use $300 Continued from page 3 violations by any business (regardless of its size) that are directly related to a Y2K failure. Among other qualifying conditions, the violations cannot result from lack of reasonable preventive maintenance or preparedness for a Y2K failure or be caused by operational error or neg- ligence. The small business civil penalty immunity provisions provide relief to businesses with less than 50 full-time employees. Available only for small businesses that have not committed the same vio- lation in the previous three years, the violation must have been caused by a Y2K failure and the business must have taken steps to prevent and remediate the failure. Among other qualifying con- ditions, the business must undertake reasonable and prompt measures to cor- rect the violation. The full text of the Y2K Act can be found at http://thomas.loc.gov and keyin"H.R. 775." In November 1998, EPA issued a "Y2K Enforcement Policy" that is de- signed to encourage the expeditious testing of computer associated hard- ware and software that may be poten- tially vulnerable to Y2K problems. The policy was published in the Federal Reg- ister on March 10, 1999. Under this policy, EPA intends to waive 100 percent of the civil penalties and recommend against criminal pros- ecution for environmental violations re- sulting from Y2K testing designed to identify and eliminate Y2K-related mal- functions. To receive the policy's ben- efits (e.g., waiver of penalties due to testing), regulated entities must address specific criteria and conditions identi- fied in the policy. To the extent that the Y2K Act pro- vides greater relief than EPA's Y2K En- forcement Policy, the Act takes prece- dence and will apply. In at least one cir- cumstance, however, EPA's policy may be applicable where the Y2K Act does not apply (e.g., where an entity that is not a small business violates an under- lying substantive requirement and not just a monitoring or reporting require- ment, EPA's policy may provide greater relief). Contact Gary Jonesi, Office of Regu- latory Enforcement, (202) 564-4002 or E-mail: jonesi.gary@epamail. epa.gov. Useful Websites RCRA Enforcement Division: http ://www.e pa. g o v/oeca/o re/red/ EPA's Office of Water Home Page: htl p ://ww w. e pa. go v/o w Chemical Emergency Prepared- ness and Prevention Office: http: //www, e pa. g o v/swe ree p p/ y2k.htm EPA's Year 2000 website: http ://www. epa. g o v/yea r2QQQ EPA's Y2K Enforcement Policy: http: //www.e pa. go v/fed rgstr/ E PA- GEN ERAL/1988/March/Day-10/ g5958.hfm President's Council on Y2K Conversion: http://www.y2k.goY/ text/index.htm (the Council Is responsible for coordinating the Federal Government's effort to address Y2K Issues and readiness). U.S. Small Business Administra- tion: http://www.sba.gov/y2k (provides information to help small businesses gel Y2K ready). EPA's Small Business Gateway: htlp: //www. epa.gov/ U.S. Chemical Safety and Hazard Investigation Board (CSB): http:// www.chemsafety.gov ( offers Y2K help to small and medium businesses) EPA's Audit Policy Website: http:// www.epa .gov/oeea/a udllpol.htm AUGUST 1999 ' Recycled/Recyclable. Printed with Soy/Canola Inkon paperthat contains at least 50% recycled fiber ------- |