Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

LexisNexis ID Administration Tool

 

Privacy Impact Assessment – LexisNexis ID Administration Tool

LexisNexis ID Administration Tool System Overview

A web based ID creation tool to provide us a means of creating IDs for access to LexisNexis electronic tax research system in-house so that employees could get access immediately. The system has been in place since 2000 and already includes employee data. (We have been providing LexisNexis with employee data for at least 25 years so that ID’s unique to an individual could be created). We are requesting the vendor to add additional fields to this tool for e-mail address and work mailing address so that we and LexisNexis can communicate with Lexis ID holders electronically and via mail if necessary.

System of Records Number(s)

Treasury/IRS 36.003 General Personnel and Payroll Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

The data elements in the ID Administration tool include employee name, office city, state and zip, division they work in and position series.

This data will allow Lexis-Nexis to efficiently and timely provide, either via e-mail or surface mail, training and administrative information in mass mailings to all users.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

The data is obtained by TIMIS from the employee and must be deemed accurate and current.  TIMIS data will be used to populate the database electronically vs. inputting thousands of data fields manually.  TIMIS personnel will not provide a run of e-mail address and mailing address without Privacy Advocate approval.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  In order to manage the Lexis ID’s, it was determined that these fields are necessary to control the number of users, and which employees require access. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

The data is provided by the employee to our personnel system, TIMIS. As such it is deemed accurate and current.  Therefore, further verification is not necessary. 

5. Is there another source for the data?  Explain how that source is or is not used.

TIMIS is the main source for e-mail and office mailing addresses.  And, it may be relied upon to be the most up-to-date and accurate source.

6. Generally, how will data be retrieved by the user? 

As a rule, the information will be used in mass mail-outs.  Individual records will not be retrieved, other than when IRS system administrations access it to add or delete users.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? No.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Each division and function an ID administrator with access to the ID Administration Tool.  The purpose is to create and delete users in their functional areas, or correct identifying employee data. 

9. How is access to the data by a user determined and by whom? 

The division selects the ID administrator and they access the system whenever they need to create, delete, or update the employee data already in the system.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

No.  TIMIS is the only system used to obtain this information.  The LexisNexis ID Administration Tool does not receive, share or provide information to any other systems or offices.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

TIMIS is automatically updated by personnel actions initiated by employees or their offices.  Each TIMIS update to our system overwrites the pre-existing information.  In addition, the ID system administrators add and delete users on a regular basis.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  N/A

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No.
 


Page Last Reviewed or Updated: March 08, 2005