
Single Entry Time Reporting - PIA

 

Privacy Impact Assessment – Single Entry Time Reporting (SETR Plus)

SETR Plus System Overview


SETR is a web application for processing IRS employee time and attendance data.  It is accessed by authorized managers, employees, and AWSS personnel to enter, correct, or report time and attendance related data.  The application is accessed through the individual employee’s workstation, which remotely accesses the main application server at the Detroit Computing Center.  SETR users must pass through three layers of Identification and Authentication.

Data in the System

1. Generally describe the information to be used in the system in each of the following categories, Taxpayer, Employee, Other.

Taxpayer:    No taxpayer data is present in this system.
Employee: SETR PLUS is a web application for processing IRS employee time and attendance data.   SETR PLUS is accessed by authorized managers, employees, and AWSS personnel to enter, correct or report time and attendance related data.  The system is accessed through the individual’s terminal, which remotely accesses the main application server at the Detroit Computing Center (DCC).  SETR PLUS users must pass through three layers of Identification and Authentication (I&A).  Information pertaining to the employee includes:
* Name
* Social Security Number (SSN)
* Employee Office Designator
* Employee Accrued Leave
* Pay Grade
* Timekeeping and Attendance
* Bonuses
Other:  None

2. a. What are the sources of the information in the system?
SETR PLUS data is received from TIMIS, HR Connect, timekeeper/personnel direct input and the National Finance Center (NFC) payroll records.

b. What IRS files and databases are used?
* WP & C:  Organization, Functional and Program Codes (OFP)
* FIRM:   Building Codes
* IFS:  Accounting Codes
* CADS:  Email Addresses

c. What Federal Agencies are providing data for use in the system? 
Internal Revenue Service, Treasury (HR Connect), and the National Finance Center provide data for this system.

d. What State and Local Agencies are providing data for use in the system?
No State or Local Agencies provide data for SETR PLUS.

e. From what other third party sources will data be collected?  N/A

f. What information will be collected from the employee?
The following data will be collected from employees:
   Current and historical employee payroll data
   Name, SSN, assigned organizational code, detailed organization code, function code
   Project code, sick and annual leave balances, accounting data codes and hours worked.

3. a. How will data collected from sources other than IRS records and the taxpayer be verified for accuracy?
Data will be reviewed by personnel specialists, managers and quality review programs for accuracy.

b. How will data be checked for completeness?
The number of records sent from each of these sources is compared to the number of records received by SETR PLUS.   Discrepancies are reviewed and corrected by personnel specialists.

c. Is the data current?  How do you know?
Yes, current and historical data from NFC and HR Connect is used. Data is verified and reviewed by Personnel Specialists and managers, and quality review programs are utilized as part of the system.

4. Are the data elements described in detail and documented?  If yes, what is the name of the document?
The data dictionary contains a detailed description of all the SETR PLUS data elements.

Access to the Data

1. Who will have access to the data in the system?
Personnel Specialists, timekeepers, employees, and managers service-wide will have access based on their individual need to know.

2. How is access to the data by a user determined?  Are criteria, procedures, controls, and responsibilities regarding access documented?
IRS personnel referenced in #1 above must complete a Form 5081, Information System User Registration/Change Request containing the appropriate signature of concurrence approval prior to receiving a system account.  In addition, data access on the system is restricted through the use of permission levels in both the operating system and applications.  Additional controls include restriction of user access based on job functions and responsibilities, “need-to-know” and separation of duties.

3. Will users have access to all data on the system or will the user’s access be restricted?  Explain.
Users will be granted permission to files and data based on job functions and responsibilities, “need-to-know” and separation of duties.

4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?
Confidentiality provisions must comply with guidelines of the Internal Revenue Code of 1986. In addition, IRS policies, to include the Taxpayer Browsing Act of 1997, the Privacy Act of 1974, USC 6103, USC 7213, Form 5081, IRM 2.1.10, Public Law 105-35 and various other publications, prohibit the disclosure and misuse of IRS and taxpayer data to unauthorized individuals.  The application employs the use of Identification and Authentication methods, mandatory annual security briefings and Discretionary Access Controls to restrict access to the system and application.

5. a. Do other systems share data or have access to data in this system?  If yes, explain.
No other system has direct access to the data.  Data is shared through interfaces designed and written for each specific system.

b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?
The IRS is accountable for protecting the privacy rights of the taxpayers and employees.  Government policies and IRS regulation for access to system information dictate that the IRS and all IRS employees are required to protect information deemed to have privacy implications.  As a government agency, the IRS is bound to such policies and regulation as IRM 2.1.10, the Privacy Act of 1974, the Taxpayer Browsing Act of 1997, Internal Revenue Code (IRC) 6103, Title 26 U.S.C IRC, and IRC 7825.  Managers and Business Systems Owners are ultimately responsible for protecting the privacy rights of taxpayers and employees.

6. a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?
The National Finance Center (NFC) has access to SETR PLUS data via a dedicated encrypted data link for payroll execution.  HR Connect provides SETR PLUS encrypted data through secure border servers.

b. How will the data be used by the agency?
The data sent to NFC is used for payroll disbursement pursuant to the terms and conditions outlined in the Memo of Understanding between the Department of Treasury and NFC.  The data received from HR Connect is used to update personnel information.

c. Who is responsible for assuring proper use of the data?
The Department of Treasury under Secretary for Management is responsible for assuring proper use of the link to the NFC and HR Connect.

d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?
Controls are set in place by system administrators that explicitly monitor and regulate access to SETR PLUS data as set forth by the Memo of Understanding (MOU) between the Department of Treasury and NFC.

Controls are also in place to explicitly monitor and regulate access to HR Connect data between the HR Connect (Department of Treasury) and SETR PLUS system.

Attributes of the Data

1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes.  The system is designed to automate time and attendance functions.  The SETR PLUS system provides a faster, more reliable means to enter, edit and process time and attendance data.

2. a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
No. There will not be any new data created that was previously unavailable without the input of a user.  Only information entered by a manager or Personnel Specialist will be added to an employee’s record.

b. Will the new data be placed in the individual’s record (taxpayer or employee)?
No. New data is not derived through aggregation.

c. Can the system make determinations about taxpayers or employees that would not be possible without the new data?
No. New data is not derived through aggregation.

d. How will the new data be verified for relevance and accuracy?
New data is not derived through aggregation.

3. a. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?
Data consolidation does not take place. 

b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
Processes are not being consolidated.

4. How will the data be retrieved?  Can it be retrieved by a personal identifier?  If yes, explain.
SETR PLUS data is retrieved through various personnel codes such as SSN, SEID and username.

5. What are the potential effects on the due process rights of taxpayers and employees of:  a. consolidation and linkage of files and systems;
There is no impact on the employees’ due process rights with regard to consolidation and linkage of files within SETR PLUS.  The consolidation of data with a direct interface is processed through TIMIS.  All data transmitted to the NFC is protected via a direct encrypted telecommunication line.

b. derivation of data;
Derivation of data does not occur; therefore, there is no impact on the employees’ due process rights.

c. accelerated information processing and decision making;
The acceleration of processing does not impact the due process rights of the employees, due to adequate Discretionary Access Control (DAC) in place through multiple authentication layers.

d. Use of new technologies. 
SETR PLUS does not use any new technology that falls within the scope and relevancy of the system and its subsequent processes.

6. How are the effects to be mitigated?
The security features inherent in the system mitigate the consequent effects of the accelerated information processing and the linked files and systems. Users of SETR PLUS are greeted by a prompt asking for their logon ID name, password, and SSN.  Only approved managers and Personnel Specialists are authorized to access this data, thus restricting the disclosure of SBU employee personnel information and protecting the basic due process rights of the employee.

Maintenance of Administrative Controls

1. a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.
All employee payroll actions are processed in a consistent manner based on the procedures, guidelines, and policies of The Office of Personnel Management (OPM). In addition, completion of Form 5081, Information System User Registration/Change Request, containing the necessary signature is required for all users prior to gaining access to SETR PLUS.  Furthermore, system security auditing is conducted to detect unauthorized access/use, fraud, and abuse of IRS information.

b. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?
Any manager, employee or personnel specialist service-wide can utilize SETR PLUS.   SETR PLUS contains time and attendance information that is protected by username, password, and user SSN.  The data is partitioned and access is granted on a need-to-know basis.  Discretionary access control (DAC) is based on the username.

c. Explain any possibility of disparate treatment of individuals or groups.
Privacy principles are followed; therefore, there is no disparate treatment of individuals or groups.  Controls are in place to prevent this.

2. a. What are the retention periods of data in this system?
Records are maintained in accordance with record disposition handbooks, IRM 1(15)29.

b. What are the procedures for eliminating the data at the end of the retention period?  Where are the procedures documented?
The procedures are documented in the OPM procedures, Federal Personnel Manual and General Record Schedule.

c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
The data is validated on input, updated/changed by authorized users and recorded on an audit trail.

3. a. Is the system using technologies in ways that the IRS has not previously employed (e.g. Caller-ID)?
SETR PLUS does not employ the use of new technology that would be considered exploratory to the IRS.

b. How does the use of this technology affect taxpayer/employee privacy?
SETR PLUS does not employ the use of new technology that would be considered exploratory to the IRS.

4. a. Will this system provide the capability to identify, locate, and monitor individuals?  If yes, explain.
Yes, SETR PLUS has the ability to identify users by username, SSN and SEID, but it is not used to monitor any employee.

b. Will this system provide the capability to identify, locate, and monitor groups of people?  If yes, explain.
Yes, the system has the capability to monitor authorized IRS users through the use of identification and authentication techniques (i.e., User ID and password), in addition to the analysis of system security audit logs to detect unauthorized access/use, fraud, and abuse of IRS information.

c. What controls will be used to prevent unauthorized monitoring?
Completion of Form 5081, Information System User Registration/Change Request, containing the necessary signature is required for all IRS personnel prior to gaining access to SETR PLUS.  In addition, data access on the system is restricted through the use of permission levels in the operating system and applications.  Furthermore, system security auditing is conducted to detect unauthorized access/use, fraud, and abuse of IRS information.

5. a. Under which System of Record notice (SOR) does the system operate?  Provide number and name.
* IRS 36.003 - General Personnel and Payroll Records
* IRS 34.020 - Audit Trail Lead Analysis System

b. If the system is being modified, will the SOR require amendment or revision?  Explain.
The modifications to SETR PLUS will not require an amendment or revision to the System of Record.

 


Page Last Reviewed or Updated: June 02, 2008