Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Electronic Installment Agreement

 

Privacy Impact Assessment – Electronic Installment Agreement (eIA)

eIA System Overview

The eIA application will provide the ability for taxpayers to pay their outstanding IRS debts. Taxpayers may access the eIA application by navigating from links on the IRS home page (http://www.irs.gov). The eIA application will authenticate user input "shared secrets," (Taxpayer Identification Number (TIN) and Personal Identification Number (PIN), or TIN and Caller Identification Number (Caller ID) printed on an IRS generated notice) before any account information is disclosed or further use of the application is allowed.

Once authenticated, the eIA application will allow the taxpayer or their authorized representative (Power of Attorney) to apply online and receive online approval for a short term extension of time to pay or to set up a monthly installment agreement. The taxpayer will also have the option of paying the full amount of the balance due, establish a Direct Debit Installment Agreement from their checking account, or a Payroll Deduction

Installment Agreement through their employer. In the event that the taxpayer requests to set up an installment agreement, they will be prompted to provide information about their income and expenses (rent or mortgage statements, pay stubs, utility bills, etc.).

If the taxpayer is granted an online approval of their request for a short term extension or monthly installment agreement, they will receive written confirmation within 10 days. There may be times when the taxpayer will be asked to submit paperwork or speak with a customer service representative before the IRS can determine their eligibility for a payment agreement. In that case, the eIA application will provide the taxpayer with the address or toll-free phone number to call.

System of Records Number(s):

Treasury/IRS 26.019 Taxpayer Delinquent Account Files
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer information which is provided by the taxpayer for authentication by the IRS includes the following:
Taxpayer Identification Number (TIN)
Personal Identification Number (PIN)
If no PIN exists:
Caller ID from balance due notice (CID)
Date of Birth (DOB)
After the taxpayer is authenticated, information provided by the taxpayer:
Bank Name
Bank Address
Account Name(s) (primary, joint, etc.)
Employer Name
Employer Address
Employee Name (primary or secondary)

The taxpayer is asked to confirm the Address of Record and optionally provide phone numbers During the Method of Payment session, the taxpayer provides :
Payment Option (Pay Now, Extension or IA)
Proposed Payment Amount
Payment Day of Month
Bank Name
Routing Number
Account Number
Type of Account (Individual or Business)

B. N/A

C. The system will collect MIS information related to the taxpayer’s use of the application (e.g., how many hits encountered, how many taxpayers successfully submitted an installment agreement, what links were followed, etc.)

D. N/A

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IDRS using Command Codes IASDL, ICOMP, IAGREE, ENMOD, STAUP (which includes TIN, PIN (if no PIN: CID and DOB), Address of Record, entity and module data.

B. TIN, PIN, (if no PIN: CID and DOB),
Payment Option (Pay Now, Extension or IA)
Proposed Payment Amount
Payment Day of Month
Bank Name
Bank Address
Routing Number
Account Number
Individual or Business Account
Account Name(s) (primary, joint, etc.)
Employer Name
Employer Address
Employee Name (primary or secondary)

C. N/A
D. N/A
E. N/A
F. N/A

3. Is each data item required for the business purpose of the system? Explain.

Yes. This application is tailored for a very specific purpose and only those data elements which are needed to fulfill that purpose are requested and / or displayed.

4. How will each data item be verified for accuracy, timeliness, and completeness?

All data collected from and displayed to the user will be verified against or displayed from existing IRS information systems in real time.

The maintenance and upkeep of those systems and the data contained therein is beyond the scope of this application and this document.

5. Is there another source for the data? Explain how that source is or is not used.

No, there is no other source from which to obtain necessary information.

6. Generally, how will data be retrieved by the user?

Data will be retrieved from IRS records by the user through the publicly available web frontend portion of the application using a standard 128-bit SSL encryption capable web browser application such as Internet Explorer or Netscape Navigator. Users will have no direct access to IRS systems beyond the front end web server. Users shall only have such access to the web server as is necessary to provide eIA with information to perform its intended purpose and view the resulting information display.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?

The eIA application retrieves personal taxpayer information based on TIN and PIN from the Integrated Data Retrieval System (IDRS).

Taken on its own, the TIN / SSN is enough to identify an individual however, the system will not provide any information unless the user also correctly enters the PIN.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Primary access of data in the system will be by individual taxpayers.

9. How is access to the data by a user determined and by whom?

Access to the data is determined automatically by the system depending on whether the user correctly entered shared secret information or if any data was successfully retrievable given a set of shared secret credentials.

10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.

Yes. This information is provided by the Integrated Data Retrieval System (IDRS) through the Customer Communications Interactive Processor (CCIP) interface. Updates to IDRS occur through the CCIP interface.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? Yes.

12. Will other agencies provide, receive, or share data in any form with this system? No.

Administrative Controls of Data

13. What are the procedures for eliminating the data at the end of the retention period?

No personally sensitive data is stored by the eIA application for longer than user’s period of use or the automatic session timeout.

Maintenance and upkeep of the information systems from which this system derives its data is beyond the scope of this application and this document.

14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.

15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.

18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Yes, if the taxpayer does not qualify, a phone number shall be provided for appropriate assistance.

19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The system uses "session cookies" only. The cookie contains a unique identifier which can allow the web server to properly identify the user’s web client application only. The value of the cookie usually resembles a randomly generated string of characters and in nonsensical to humans. No personally identifiable or sensitive information is stored in client-side cookies. The session cookie is destroyed when the user terminates their web browser client, logs out of the application, or when the session timeout period has elapsed due to inactivity, whichever occurs first.
 


Page Last Reviewed or Updated: January 24, 2006