Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Filing and Payment Compliance System

 

Privacy Impact Assessment -- Filing and Payment Compliance System

F&PC System Overview

The F&PC project will use the XXX-XXX Computer Assisted Collection System for Government (XXXXX) XXX application as an inventory management system.  XXXXX, a commercial off-the-shelf (COTS) solution, offers robust functionality for case assignment, prioritization, data exchange and updating files between the IRS Authoritative Data Source (ADS) and the PCAs.  SENTENCE REDACTED.     

The data in the new F&PC System will be owned by the IRS and under IRS control at all times.  XXX-XXX contractors will provide system administrator support for Release 1.1; otherwise, only IRS employees in the F&PC Referral Unit and the F&PC Oversight group will have access to the F&PC System; PCAs will not have access to the new system or any other IRS system.  

System of Record Number(s)  

Treasury/IRS 26.019 Taxpayer Delinquent Account (TDA) Files
Treasury/IRS 26.020 Taxpayer Delinquency Investigation (TDI) Files
Treasury/IRS 26.055 Filing and Payment Compliance (draft in process)
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories

A. Taxpayer
B. Employee 
C. Audit Trail Information (including employee log-in info)
D. Other (Describe) 

A. TAXPAYER: 
Data elements will come from the IRS Individual Master File (IMF) and the Generalized Mainline Framework (GMF).  The IMF will provide authoritative data and GMF will provide pending transactions.  Only applicable data elements will be passed, e.g., the TIN of a spouse who filed as Married Filing Separately will not be part of the delinquent spouse’s account. 

Records will be extracted from IMF and GMF to update XXXXX based on a unique status code.

B. IRS EMPLOYEE: 
IRS F&PC Referral Unit and Oversight Group employees will have authority to access accounts in the F&PC System for case review and processing. These employees will complete Form 5081, Information System User Registration/Change Request.  Their authorization profile will include their User Identification, role designation and Standard Employee Identifier (SEID). 

C. AUDIT TRAIL INFORMATION: 
A permanent, online audit trail will be maintained on every case access by a user, including user ID, time of access, taxpayer’s TIN, time on the case, and counts of various transactions performed during the case access. 

A permanent, online audit trail will be maintained on every update of table-based parameters and reference tables (including the user table), including user ID, time of activity, type of table updated, and details of the update.

The audit trails will be reviewed and validated using reports.   F&PC project management is looking at the methodology to accomplish Negative TIN checking in a future F&PC release.

D. OTHER:

Quality review and contractor performance records will also be maintained in the new Filing and Payment Compliance system.  Quality Review records include monitored telephone calls placed by or made to the PCA, written correspondence and all historical account documentation maintained by the PCA.  Contractor performance records include allegations of misconduct made by taxpayers against the contractors’ employees.  The contract will require that the PCA agree to remote system access to enable such monitoring and oversight, however the exact methodology has not yet been determined.

Records used to identify cases for assignment to contractors.

Records required for the Chief Financial Officer, e.g., records that support the amounts transferred from the General Fund to the fund available to reimburse the PCAs and to the fund available to IRS to support collection activities as authorized in the new legislation; records that support payments to PCAs from the XXXXXXX Finance Center; and records that will facilitate reviewing funds available to reimburse the General Fund for funds not required to reimburse the PCAs after initial transfers.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS—TDA/TDI
B. Taxpayer—Levy Source
C. Employee—Yes
D. Other Federal Agencies (List agency)—None.
E. State and Local Agencies (List agency)—None.
F.  Other third party sources—Credit Bureau scores.

A.  IRS:  All data elements are from IMF and GMF; these elements include:   
• Taxpayer Name(s) and Address
• Primary and Secondary  (if Married Filing Jointly) TIN and TIN Type 
• Type of Tax, e.g. 1040
• Delinquent tax period(s)
• Filing Status 
• Balance Due Amount(s)
• Source and Date of Assessment(s) 
• Assessed Penalty and Interest
• Accrued Penalty and Interest
• Collection Statute Expiration Date (CSED)
• Last three payment dates and amounts (including withholding, estimated tax payments, federal tax deposits, refund offsets, reversed or unpostable payments, etc.
• If there is a delinquent return associated with a balance due account: type of return; tax period; selection code; last period filed; credit balance information 
• Business Operating Division (BOD) indicator 
• Current and prior PCA indicator
• F&PC Status Code.  (A new status code to identify cases assigned to PCAs.)

B. Taxpayer:  Levy sources, e.g., taxpayer’s bank or employer, may be added to PCA history if provided by the taxpayer.  PCAs will not be authorized to take levy action but may pass that information to the IRS Referral Unit for their consideration.  IRS will not use unverified sources of levy.

C.  Employee:  Data elements as provided on the employees’ Form 5081 (described in Question 1.B). 

D.  Other Federal Agencies: None.

E.  State and Local Agencies: None.

F.  Other Third Party Sources: IRS may use a contractor to acquire telephone monitoring records for quality assurance purposes.  This is not proposed for the current release. 

3.  Is each data item required for the business purpose of the system?  Explain.

The F&PC System will receive delinquent account data elements from the IRS Authoritative Data Source (ADS) and will route and assign these accounts to PCAs for resolution.  

PCAs must have the data elements identified in Question 2 in order to effectively discuss the taxpayer’s delinquency, answer related questions, and effect resolution. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

Taxpayer data will be current as of the latest submitted returns and taxpayer correspondence.  

The ADS will update and refresh inventory in F&PC as new information is received, e.g., if payments or returns post to the account.  If a taxpayer informs a PCA that some or all of their information is incorrect, the PCA will pass the correct information to the IRS Referral Unit for verification.

5. Is there another source for the data?  Explain how that source is or is not used.   No.  

6. Generally, how will users retrieve the data?  

Taxpayer information will generally be retrieved by name, address, or Taxpayer Identification Number (TIN). 

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  IRS retrieves individual taxpayer accounts by the Social Security Number SSN) they use to file their federal income tax returns.  Data for the purpose of quality review may be retrieved by taxpayer identifier, employee identifier, employee number, or on a random basis.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Access will be strictly enforced on approved security roles based on job responsibilities and need to know.  Specific roles will be assigned to groups of users who will be granted access based on the role’s need to know. Two primary groups will have access to the data on the F&PC System:  

1.  IRS:
Employees assigned to the IRS F&PC Oversight group and the IRS F&PC Referral group will have access to the F&PC System data according to their job requirements.  Access will be restricted to only that data needed to perform their assigned duties.  All IRS rules and regulations against browsing and unauthorized access will be re-emphasized and monitored.  Procedures will be in place to deter and detect browsing and unauthorized access.  

Specific roles will be assigned to the following job categories based on their need to know: 

Users with access to the system and the data:

• Selected F&PC employees 
• Security Specialists
• Business System Developers (BSD) employees responsible for ongoing operations and maintenance of the F&PC system.

2.  Contractor:  

• Contractor System Developers will have access to the System and the data in order to effectively implement and manage the XXXXX software and to provide requisite support to IRS.  

• XXX-XXX System Administrator(s) 

• XXX-XXX Database Administrator

9.  How is access to the data by a user determined and by whom? 

The F&PC management team will determine what categories of users and individuals will need access to the F&PC System.  

Access to data will be based on approved security rules determined by individual roles and responsibilities and will be restricted based on a need to know.  Users will follow established IRS procedures for access using Form 5081, Information System User Registration/Change Request.

Employees will only have access to cases assigned to them.  Managers will only have access to cases assigned to their employees.  

Appropriate XXX-XXX (XXXXX) employees must successfully pass Personnel Screening and Investigation (PS&I) appropriate to their need and be trained on IRS security and privacy policies and procedures, including the consequences for violations. 

Logons and user profiles will be used to ensure the integrity of the F&PC System and the F&PC Project.  

XXXXX logon security will validate access to the F&PC system.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

The IRS ADS, i.e., Individual Master File (IMF) and the Integrated Data Retrieval System (IDRS) will provide the data and update and store transaction records.   The F&PC System will receive delinquent taxpayer account data from the ADS (as described in Question 2).

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Yes.  IDRS was certified in July 2004 and IMF was certified on September 10, 2003; approved PIAs are necessary to receive certification.

12.  Will other agencies provide, receive, or share data in any form with this system?

Yes, the Treasury Inspector General for Tax Administration (TIGTA) which provides independent oversight of IRS activities and administration of the internal revenue laws.

There are currently no plans for other agencies to provide, receive or share data with the F&PC System; however, if data sharing is identified in future project milestones, this PIA will be updated.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

The IRS will own and control the data in the F&PC System and will follow the current laws and regulations for record management, retention and disposal.  

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. 

No.  The new F&PC System will be a current operating environment (COE)-compliant application using technology available on COE platforms.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

No. The F&PC System is an inventory management system and is not designed or capable of locating individuals or groups.  

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

The F&PC System allows for MIS reporting, security administration, and browsing detection.  The F&PC System will assist in monitoring PCA performance. 

At the F&PC program level, IRS employees in the Oversight Unit will monitor PCA case actions for quality control purposes and adherence to IRS requirements.  Quality control activities will include monitoring telephone calls placed by or made to the PCA, written correspondence, and any historical account documentation maintained by the PCA.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  Private Debt Collection, i.e., using PCAs, is an F&PC Modernization treatment stream.  Delinquent taxpayer accounts are a homogenous group and once in this treatment stream all delinquent taxpayers are treated equally.  

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Due Process provisions are part of policy and procedures in the Collection Process.  F&PC training will emphasize that all taxpayers are entitled to due process and PCA employees will have specific procedures for these situations.   

Taxpayers may also seek assistance from the Taxpayer Advocate Service (TAS).  PCAs must immediately refer any case where such assistance is requested or where the taxpayer describes a significant hardship to the IRS designated point of contact.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The F&PC System will be Web-based.  The F&PC System will not use persistent cookies; it will use a session cookie that only exists for the duration of the session.
 


Page Last Reviewed or Updated: September 15, 2005