Privacy Impact Assessment – ELS-LDS

ELS - LDS Overview

The purpose of this server is to host LEAP an Intellinex authoring tool used to develop content.  Once content is developed it will be exported to the repository on ELS-Content.  This will serve as a resource server for reviewing and testing.

System of Record Number(s)

Treasury/IRS 38.001 General Training Records
Treasury/IRS 34.037 Audit Trail & Security Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. No taxpayer data will be maintained.

B. None

C. The Audit Trail information elements gathered are:

Account Logon – Failed Attempts
Logon – Failed Attempts

D.  The ELS-RD and RD2 servers will keep information on user accounts created by users and/or system administrators.  RD is the primary domain controller and RD2 is the backup domain controller.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. None
B. None
C. None
D. None
E. None
F. None

3.  Is each data item required for the business purpose of the system?  Explain.

Yes, the information required for logging on to the server for developing, reviewing or testing content.

4. How will each data item be verified for accuracy, timeliness, and completeness?  NA

5. Is there another source for the data?  Explain how that source is or is not used.

No. Individuals are responsible for the accuracy of their own data they use to create an account.

6. Generally, how will data be retrieved by the user?

Each employee can only access their account by login and password.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?

Yes, To access content a user must have a profile that includes login and password.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Users have access to their own data.  System Administrators, Course Administrators, and Web Masters have access.

9. How is access to the data by a user determined and by whom?

Users can only access their own account information.  System administrators set the rights/permissions.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes.  Content from this server is manually exported to the repository on ELS-Content.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Yes, it is included in the certification package with this system to be certified at the same time.

12.  Will other agencies provide, receive, or share data in any form with this system?  NO

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Once content has been reviewed and tested it will be exported to a production server.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  NA

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No