
Compliance Data Environment (CDE)

 

Privacy Impact Assessment (PIA) –  Compliance Data Environment (CDE)

CDE System Overview

The Internal Revenue Service (IRS) is contemplating the replacement of the antiquated Midwest Automated Compliance System (MACS), a system specifically mentioned as part of the Compliance Programs and Projects Files Notice (Treasury/IRS 42.021), with a more cost-effective and technologically current system, the Compliance Data Environment (CDE).  The CDE will functionally replace the MACS and will not expand the categories of individuals or records covered by the system, nor increase the numbers of individuals or offices having access to the records.  As with the MACS, the CDE will provide a centralized, open-architecture information system with tax return data and other related information that IRS employees who need to analyze and deliver tax returns for examination may use for such purposes. The secure repository will allow authorized users to access the data from their IRS networked workstation.  Anticipated users will include HQ analysts, Research analysts, examination lead development center analysts, PSP coordinators, campus case-builders, and the EDSS/RGS.  As the replacement system for the Midwest Automated Compliance System (MACS), the CDE is envisioned to contain only the information and functions that currently reside in MACS.  It is possible that the previous Privacy Certifications for MACS could be applicable to CDE.

System of Records Number(s)

Treasury/IRS 42.021 Compliance Programs and Projects Files
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A.  Taxpayer
CDE will contain tax return data for the entire SB/SE filing population.  Data will be available for three to four years from the following forms: 1040 series, 1120 series, 1120S, 1065 and 1041.  “Tax return data” refers to those lines that are transcribed at the service center during processing (i.e., the Returns Transaction File) and some entity information from the Master File, such as Post of Duty (POD), date of birth, audit history, and DIF score.

B. Employee
Employee information per se is not available in the system except as such employees are themselves taxpayers, or to identify and characterize authorized users of the CDE.

C. Audit Trail Information (including employee log-in info)
The CDE will generate audit trails of all user activity, identifiable by user.  Audit trail records can only be viewed and backed up via a menu accessible only to System Administrators and Security Officers.  Audit trails are backed up at least monthly and given to the Security Officer to review and report his or her findings to the Chief, PSP or Chief, Service Center Compliance Branch.  Those involved in such reviews (Security Officers, System Administrators, and Chiefs) will have been trained in audit trail review, which builds upon the UNAX (Unauthorized Access) Prevention Training that all IRS employees receive to safeguard the data against misuse.

D.  Other (Describe)
For case-building purposes, some ancillary information may be temporarily obtained (i.e., retained no longer than 60 days) from other financial sources such as XXXX.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS.  All tax return data elements are obtained from the Return Transaction File (RTF) via the 701 extract process.
B. Taxpayer.  The original source for tax return information is the taxpayer via filed returns, which are processed and transcribed.
C. Employee.   Employee information, per se, is not maintained in the system except to identify and characterize authorized users.
D. Other Federal Agencies – None
E. State and Local Agencies – None
F. Other third party sources – Transient information from XXXXX may be temporarily gathered and maintained (for not more than 60 days) for case building purposes.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes, the CDE will provide a means to monitor and control information related to special programs and projects to identify areas of non-compliance. Using this information, available efforts can be focused on the more significant non-compliance issues. The CDE includes taxpayer records and records concerning tax preparers. Certain records in this system may be used to select individuals for compliance actions.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Not applicable.  The data come from an authoritative source and cannot be changed.

5. Is there another source for the data?  Explain how that source is or is not used.

RTF data is the source for nearly all of the data that will be contained in CDE; however, RTF data is in a form that does not allow the data to be quickly and repeatedly queried according to specific search criteria, which are required to uncover significant compliance issues.

6. Generally, how will data be retrieved by the user? 

With appropriate authorization, CDE users can request a facsimile of a tax return using a personal identifier (TIN).  Authorized CDE users can also enter a name, address, filter (a set of selection criteria), etc., any of which give the user a TIN which can then be referenced to access the tax return.  The users will have no other access to CDE data.

Authorization means that an approved Research Request was issued, requiring the signature of the requestor’s manager and the Chief, PSP or Chief, Service Center Compliance Branch.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes, see the answer to Question 6, above.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Only CDE users will have access to the data in the system.  Managers can access the data only insofar as they are users of the system. System Administrators do not have access to the data and cannot be CDE users.  They can only perform administrative functions.  Developers have limited access to test data only.

9. How is access to the data by a user determined and by whom? 

No one may access CDE data without being an authorized user, as established by the System Administrator, and the System Administrator may only establish prospective users who have completed a Form 5081, Information System User Registration / Change Request, and who have received approval and have acknowledged that they understand and will comply with the security rules for the system.  The 5081 will identify the new user as one of four profiles, which limit the type of work and how the system may be used.

Regardless, CDE users are prohibited from accessing information not needed for their official duties.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Since the CDE is in the design phase, currently there are no other IRS systems that provide, receive, or share data with it.  However, as the replacement for MACS, it is envisioned to receive RTF data from the 701 extract process and some entity information from Master File.  It will not share information with other IRS systems, but at some future time, it may provide information to RGS (or its replacement) and possibly to AIMS and/or ERCS, at which time a new PIA will be prepared.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

W-4 paper case files and National Computer Center (NCC) magnetic tape records are destroyed two years after the cases have been inactive. Records will be destroyed in accordance with IRM 1.15.23 (Records Control Schedule for Tax Administration).

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.   No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.
 
The CDE cannot be used to identify or locate individuals or groups.  It can only use its static database of tax returns to identify returns that meet pre-established selection criteria.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
 
The CDE cannot be used to monitor individuals or groups.  As with the answer to Question 15, it can only use its static database of tax returns to identify returns that meet pre-established selection criteria.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.
 
The CDE will promote automated, data-driven compliance decisions.  All users will be required to follow National Office documents, including the IRM, Examination Plan, directives, and memoranda, which lead to consistent use of the data and avoid disparate treatment of individuals or groups.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
 
This system of records may not be accessed for purposes of determining if the system contains a record pertaining to a particular individual.  This system of records may not be accessed for purposes of inspection or for contest of content of records.  26 U.S.C. 7852(e) prohibits Privacy Act amendment of tax records.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
 
No.  Only authorized users may access the system via the IRS’ private intranet.  There can be no web visitors.

 


Page Last Reviewed or Updated: February 03, 2005