Privacy Impact Assessment – Computer Assisted Publishing System (CAPS)
PIA Approval Date: April 6, 2007
CAPS System Overview:
The Computer Assisted Publishing System (CAPS) is a highly integrated system of hardware, software, and communication components that are used by Internal Revenue Service (IRS) employees to support the computerization of the agency’s publishing function. It provides the computing resources that are needed by the IRS Wage and Investment (W&I), Media and Publications (M&P) division to maintain a central printing and publications management organization with responsibility for the production, procurement, and distribution of IRS published materials.
Systems of Records Notice (SORN):
Treasury/IRS 34.037 IRS Audit Trail and Security Records System
Treasury/IRS 10.004 Stakeholder Relationship Management and Subject Files
Treasury/IRS 30.003 Requests for Printed Tax Materials Including Lists
Treasury/IRS 10.007 SPEC Taxpayer Assistance Reporting System (STARS)
Treasury.009 Treasury Financial Management Systems
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. CAPS contains no individual or taxpayer information.
B. Employee information is limited to user identification, encrypted password, user name, user location, and the work telephone numbers of personnel with access to CAPS.
C. The CAPS security system maintains an audit trail of attempted security-related events (successful or unsuccessful), identified by userid. These include logon, logoff and access of another user’s disk storage. This information is used only for security auditing, and access to it is limited to system security administrators.
Application tables that store key production data maintain audit information identifying userid and date/time of each data record update. Access to this information is limited to application administrators.
D. The CAPS application environment temporarily stores account number, contact names, and addresses of personnel from other federal agencies and third party sources who order IRS printed publication products. This contact information is deleted as soon as the order has been filled.
E. CAPS also contains data to meet the publishing needs of the IRS. This includes information to produce, control, track, and distribute IRS published products and production management information (e.g., data needed to satisfy Balanced Measures reporting requirements).
CAPS hosts the Electronic Publishing website, by which the Publishing and Distribution organizations make web content and electronic versions of product files available on the IRS intranet.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. ELITE houses the database of record for IRS internal office addresses, and shares this information with CAPS so that internal-use products can be properly distributed.
Data elements needed for the production of published products (including physical specifications, quantities, production milestones and dates, budget to be charged for printing costs) are obtained from IRS offices requesting those products.
B. No data is provided by the taxpayer.
C. No data is provided by the employee.
D. Printing requisition data is obtained from the Government Printing Office (GPO).
E. Other federal agencies provide contact information (name and address) to enable distribution of tax products to them.
F. Post offices and public libraries provide contact information if they wish to participate as IRS partners in the Tax Forms Order Program (TFOP) distribution program. CAPS receives production milestone data (e.g., shipping dates and quantities) from printing contractors.
CAPS receives contact information (name and address) from IRS partners participating in programs to facilitate the distribution of tax products to the public. Participants include tax practitioners, Volunteer Income Tax Assistance/Tax Counselling for the Elderly volunteers, banks and commercial entities such as grocery and office supply stores, newspapers, and copy centers.
3. Is each data item required for the business purpose of the system? Explain.
Yes. Each application stores only the information needed to support the function of printing and distributing IRS published products.
4. How will each data item be verified for accuracy, timeliness, and completeness?
Each distribution program performs an annual survey of program participants. Contact information for respondents is updated as necessary, and non-respondents are deleted from the database.
5. Is there another source for the data? Explain how that source is or is not used.
There is no other source for CAPS data.
6. Generally, how will data be retrieved by the user?
Users generally review/update data using application screen displays. They may also generate reports using pre-defined reporting programs. Report output can be sent directly to a printer or may be delivered to the user electronically in one of several available formats, including flat file, traditional “listing” format or Microsoft Excel spreadsheet.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes, however, because CAPS data is stored in a relational database, the possibility to search for records by name does exist, but such a search would be the exception, not the rule, and would require programmer intervention. Some management information reports used for monitoring completeness and correctness of production data group output records according to the publishing analyst assigned to the job.
Distribution program partner records have a unique identifier (generally called an “account number”) by which they can be retrieved. Account maintenance actions (e.g., as a result of an annual survey response) are processed by first retrieving the account information by number, then editing it as needed. Distribution programs generally produce distribution listings and mailing labels that are grouped by location (State and/or Zip Code), in order to appropriately route orders to an National Distribution Center (NDC) and take advantage of bulk mailing rates.
No Social Security Number (SSN) information is stored on CAPS.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Access level is determined according to job-related need.
Access to system files is limited to systems programming staff and system administrators.
Unrestricted access to the database is limited to database administrators.
Application developers can view and update application code, but only in the development environment. Only developers tasked with the role of configuration management can move code from the development environment to test, or from test to production.
Read-only access to product and publishing data is available to all CAPS users. Update access is limited to those with job-related need.
Application control tables may be updated only by suitably-authorized administrators. Some applications have multiple subsets of administrative access, to properly restrict certain update functions.
Access to distribution program application data is limited to those who work on the program.
Managers generally have access levels equivalent to those of their subordinates.
CAPS employs contractors that function in the roles of developers, system administrators and database administrators.
9. How is access to the data by a user determined and by whom?
Access level is determined according to job-related need. This determination is generally made at the section chief (or higher) level, but may be delegated to an “application owner” who assumes responsibility for the data and for ensuring that users are appropriately authorized and properly trained.
All CAPS contracted positions are classified at least as Moderate Risk, meaning contractors must complete at least a National Agency Check and Inquiries/Credit (NACIC-Moderate) background investigation process and be cleared before being granted system access. Positions responsible for system administration tasks are classified as High Risk, meaning contractors serving in these positions must complete a Background Investigation (BI) process. All contractors go through the OL5081 process to obtain system access and authorization, as well as their user identification and authentication credentials.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
Yes. In addition to the information sharing between applications within the CAPS environment, CAPS also utilizes a daily File Transfer Protocol (FTP) transfer from the Enterprise Logistics Information Technology (ELITE) system located at the IRS National Distribution Center (NDC). CAPS receives an extract of IRS address information from ELITE, which is the database of record for this information. CAPS also provides data to ELITE in the form of IRS published product catalogue data, for which CAPS is the database of record. An extract from this database is shared with ELITE via a daily FTP transmission. CAPS also transmits order information to ELITE for fulfilment.
CAPS also provides published products to the irs.gov web site which is hosted by Accenture. Utilizing the Electronic Tax Forms Distribution (EFTD) application, CAPS packages published products in .zip files and performs a nightly FTP transfer of the product files to staging directories located on contentmgmt01.irs.gov. The irs.gov application is a Moderate application.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? Yes.
12. Will other agencies provide, receive, or share data in any form with this system?
Yes. Agencies provide input needed for product distribution only.
Other agencies do not have direct access to CAPS, but are provided extracted information, when requested, in the form of addresses for the delivery of published products.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
A retention period applies to contact information (names and addresses) of IRS partners in various distribution programs. Our policy is to retain this information for as long as the participant expresses a desire to remain active. Each program performs an annual survey of participants. Contact information for survey respondents is updated as necessary, and non-respondents are deleted from the database.
All audit logs maintained within the CAPS Application Environment are currently maintained for a period of 6 years. Once the expiration date is reached, the disk will be reformatted with hex 00’s as mandated in IRS IRM 15.1, Records Management.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. No monitoring capability exists.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain.
Yes. Because part of the function of this system is to assist in the distribution of IRS published products, it is important that CAPS be able to determine which products and product quantities are appropriate to each requestor. For example:
Distribution programs are limited to a list of tax products available for program partners to order, and they can generally order larger quantities.
Employers can order certain products in bulk (e.g., Form W-2).
Products identified for internal use are not available to requestors outside the IRS.
Certain “Official Use Only” products are limited even within the IRS.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Not applicable. CAPS is not used for the purpose of making determinations.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
Portions of the CAPS system are web-based, but cookies are not used. The web server software maintains audit information by IP address, but there is no associated user identification information.
| 
