North America

    Clean Water Act

    The Clean Water Act (‘CWA’) regulates discharges of pollutants into US waters as well as regulates quality standards for surface waters.   

    The U.S. Environmental Protection Agency (‘EPA’) has issued:  

    Last Updated: July 30, 2019

  • Requirements

    Under §404 of the CWA, it is unlawful to discharge any pollutant from a point source into navigable waters, unless a permit is obtained. The U.S. Environmental Protection Agency’s (‘EPA‘) National Pollutant Discharge Elimination System (‘NPDES‘) permit program controls discharges (the CWA Summary) 

    Point sources, as defined at §502(14) of the CWA, are discrete conveyances such as pipes or man-made ditches. Individual homes that are connected to a municipal system, use a septic system, or do not have a surface discharge do not need an NPDES permit; however, industrial, municipal, and other facilities must obtain permits if their discharges go directly to surface waters (the CWA Summary).   

    To obtain permit, it must be demonstrated that (‘the Permit Guidance’): 

    • steps have been taken to avoid impact to wetlands, streams, and other aquatic resources 
    • potential impacts have been minimised;  
    • compensation will be provided for all remaining unavoidable impacts. 

    Furthermore, proposed activities are regulated through a permit review process. An individual permit is required for potentially significant impacts. Individual permits are reviewed by the U.S. Army Corps of Engineers, which evaluates applications and monitors compliance with the permits. Some states have assumed this permitting authority and regulate these activities (‘the Permit Guidance’) 

    The CWA also prohibits the discharge of oil or hazardous substances to waters of the US or their adjoining shorelines in quantities that may be harmful to the public health or welfare or the environment. The EPA‘s Oil Pollution Prevention regulations (which you can access here) further require owners and operators of non-transportation-related oil facilities to make and implement plans to prevent oil discharges (‘the Compliance Guidance’).  

  • How OneTrust Helps

    OneTrust Vendorpedia simplifies third-party risk management by combining automation with aggregated vendor research to streamline the vendor engagement lifecycle, from onboarding to offboarding. The platform helps organizations conduct faster and more in-depth security and privacy reviews. 

    Vendorpedia is backed by the world’s largest and most up-to-date database of privacy and security laws, frameworks, and standards, which directly power and enrich OneTrust Vendorpedia. Research is generated by 30 in-house security and privacy experts and a network of 500 lawyers across 300 jurisdictions.  

    For additional details on Vendorpedia, read more here. 


Want to learn more? Login to the full DataGuidance platform.

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedIn, Twitter and Facebook.