Privacy Impact Assessment – Centralized Authorization File (CAF) Extract
CAF Extract System Overview
An extract from the Centralized Authorization File (CAF) will identify a statistically valid sample of practitioners who interact with the Service in representation work on behalf of Small Business/Self-Employed Taxpayers. This extract will be used to conduct a Practitioner Attitude Survey under contract with the Pacific Consulting Group. No client (taxpayer) information will be a part of the extract.
SB/SE recently conducted a customer base survey and learned that 87% of SB/SE taxpayers use a practitioner and that practitioners’ experience is significantly different from the taxpayer. These findings demonstrate how critical it is for SB/SE to have a thorough understanding of practitioners and their experience with the IRS. The Taxpayer Education and Communication (TEC) organization within SB/SE has commissioned a research program to profile practitioners, which provides rich information about the demographics and attitudes of practitioners, but there is no current comprehensive research that evaluates the practitioner’s experience with the IRS as a customer. In order for SB/SE to make the best decisions possible for setting its customer satisfaction strategy, it is essential that the organization gain a better understanding of the needs and preferences of practitioners, who handle the vast majority of SB/SE interactions.
The purpose of this task is to assist the SB/SE Division in developing a more thorough understanding of the practitioner experience as a customer. The survey will yield valuable information on SB/SE Practitioner behavior patterns, their interactions with the IRS, and fail points in the system. In addition, it will prioritize their needs and preferences and reveal penetration and acceptance of key SB/SE products and services.
System of Records Number(s)
Treasury/IRS 24.030 CADE Individual Master File (IMF)
Treasury/IRS 24.046 CADE Business Master File (BMF)
Treasury/IRS 34.037 IRS Audit Trail & Security Records System
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. None
B. None
C. None
D. the extract will include names, professional status (whether an attorney, CPA, enrolled agent, unenrolled return preparers) and contact information for practitioners who have filed form 2848 or form 8821 with the IRS.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. All information will be secured from the Centralized Authorization File (CAF), an IRS Database/System. The information in the CAF is secured from forms prepared and submitted by practitioners.
B. none
C. none
D. none
E. none
F. none
3. Is each data item required for the business purpose of the system? Explain.
The requested extract will only contain the information that is needed to identify and contact the practitioner and identify their professional status.
4. How will each data item be verified for accuracy, timeliness, and completeness?
The data will come directly from the Centralized Authorization File. The forms 2848 and 8821 are verified at several points prior to input in the CAF.
5. Is there another source for the data? Explain how that source is or is not used. No.
6. Generally, how will data be retrieved by the user?
The access will be limited to the contractor who will be operating under a Blanket Purchase Agreement (BPA) which includes disclosure provisions
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes, it will be retrievable (by the contractor only) through any of the fields in the extract.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Contractor who has met all requirements of the Computer Security Act of 1987 and OMP Circular A-130, Appendices A7B.
9. How is access to the data by a user determined and by whom?
Through the provisions of the blanket purchase agreement and the accompanying statement of work.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12. No.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? N/A
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
The contractor will use a crosscutting shredder and a degausser for the disposal of the data collected. It will not be returned to the IRS.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
Yes. In order for SB/SE to make the best decisions possible for setting its customer satisfaction strategy, it is essential that SB/SE gain a better understanding of the needs and preferences of practitioners who handle the vast majority of SB/SE interactions.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action? N/A
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? N/A
|
