Accessibility Skip to Top Navigation Skip to Main Content Home  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  

Advanced Search   Search Tips

Westlaw ID Administration Tool

 

Privacy Impact Assessment – Westlaw ID Administration Tool

Westlaw ID System Overview

A web based ID creation tool is already in place pursuant to our contract with West Publishing which was entered into in January 2004.  The contract required that the vendor provide us a means of creating ID’s for access to Westlaw electronic tax research system in house so that employees could get access immediately. The system has been in place since 2004 and already includes employee data. (We have been providing electronic research providers with employee data for at least 25 years so that ID’s unique to an individual could be created). We are requesting the vendor to add additional fields to this tool for e-mail address and work mailing address so that we and West Publishing can communicate with Westlaw password holders electronically and via mail if necessary.

System of Records Number(s)

Treasury/IRS 36.003 General Personnel and Payroll Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

The data elements in the ID Administration tool include employee name, city, state and zip where they work, division they work in and position series as well as e-mail address.

This data will allow Westlaw to efficiently and timely provide, either via e-mail or surface mail, training and administrative information in mass mailings to all users.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

The data is obtained by TIMIS from the employee and must be deemed accurate and current.  TIMIS data will be used to populate the database electronically vs. inputting thousands of data fields manually.

TIMIS personnel will not provide a run of e-mail address and mailing address without Privacy Advocate approval.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  In order to manage the Westlaw passwords, it was determined that these fields are necessary to control the number of users, and which employees require access.

4. How will each data item be verified for accuracy, timeliness, and completeness?

The data is provided by the employee to our personnel system, TIMIS.  As such, it is deemed accurate and current.   Therefore, further verification is not necessary.

5. Is there another source for the data?  Explain how that source is or is not used.

TIMIS is the main source for e-mail and office mailing addresses.  And, it may be relied upon to be the most up-to-date and accurate source.

6. Generally, how will data be retrieved by the user? 

As a rule, the information will be used in mass mail-outs.  Individual records will not be retrieved, other than when IRS system administrations access it to add or delete users.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?  No.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Each division and function has one ID administrator who has access to the ID Administration Tool in order to create and delete ID’s, or correct identifying employee data.

9. How is access to the data by a user determined and by whom? 

The division selects the ID administrator and they access the system whenever they need to create or delete an ID or update the employee data already in the system.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

No.  TIMIS is the only system used to obtain this information.  The Westlaw ID Administration Tool does not receive, share or provide information to any other systems or offices.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

TIMIS is automatically updated by personnel actions initiated by employees or their offices.  Each TIMIS update to our system overwrites the pre-existing information.  In addition, the ID system administrators add and delete users on a regular basis.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  N/A.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No.