Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Political Action Committee/Political Organization Filing and Disclosure

 

Privacy Impact Assessment – Political Action Committee/Political Organization Filing and Disclosure (527 PAC/POFD)

Section 527 PAC/POFD System Overview
 
The Section 527 Political Action Committee (527 PAC) in conjunction with Political Organization and Filing Disclosure (POFD) is an IRS application controlled under the IRS Tax Exempt/Government Entities Business Unit.  The purpose of the 527 PAC/POFD system is to collect, validate, and store information from IRS Form 8871 (Notice of Section 527 Status – Electronic Only) and Form 8872 (Report of Contributions and Expenditures – Paper and Electronic) which are collected from political organizations through a web site hosted and maintained by contractor support.  Additionally, the Form 990 (Return of Organization Exempt From Income Tax – Paper Only) is obtained in hardcopy format.  Paper documents are scanned into an Adobe PDF format at the Ogden Campus, transmitted to TCC and then sent to POFD.

The Section 527 PAC/POFD system also generates user identifications and passwords so that filers can be identified, notified, and permitted to file the Form 8872 electronically.  This information is submitted to the IBM 3900 at Martinsburg Computing Center (MCC) and incorporated into a notice facsimile, routed to the printers at the Ogden Campus and mailed to the political organizations.  The access credentials are then sent to POFD so that political organizations can log into the website and report their contributions.

The functionality of this application is required by law to provide political organizations the ability to identify their status and report contributions and expenditures.  Information collected from political organizations is required to be made available to the general public.  Certain information is required to be made available on-line as delineated in this document.

Systems of Records Numbers(s) 

Treasury/IRS 42.001 Examination Administrative File
Treasury/IRS 50.001 Employee Plans/Exempt Organization Correspondence Control Records
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.
Data from Forms 8871, 8872, and 990 on organization taxpayers (publicly available):
Header data for all Forms:
* Organization name
* Employer Identification Number (EIN)
* Organization address
* Organization e-mail
* Organization representative contact
* Organization custodian of records

Form 8871:
* Names of highly compensated organization officers, title, and address
* DLN,
* Tax Period,
* Filing Reporting Type (Initial, Amended, Final),
* Received Date,
* Exemption from filing F8872 Code
* Exemption from filing F990 Code 

Form 8872 (including Schedules A and B):
* Report type (e.g., quarter, annual)
* Total amount of reported contributions
* Total amount of reported expenditures
* Contributors’ names, mailing addresses, and zip codes
* Contributors’ employers, occupations, and aggregate annual contributions
* Amount of contributions
* Recipients’ names, mailing addresses, and zip codes
* Recipients’ employers, occupations, and aggregate annual contributions
* Amount of contributions
* DLN
* Tax Period
* Filing Reporting Type (Initial, Amended, Final, Change)
* Received date
* Report Type (1st/2nd/3rd/4th Quarter, Mid Year, Pre/Post Election and End of Year)
* Total Contribution
* Total Expenditure

Form 990 (including Schedule B):
* Organization type (e.g., 527)
* Organization gross receipts and revenue
* Organization Expenditures
* Organization Balance Sheet data
* Names of organization officers, title, and address
* Contributors’ names, mailing addresses, and zip codes
* Contributors’ employers, occupations, and aggregate annual contributions
* Amount of contributions
Web Access Credentials to fill out 8872:
* Organization User ID
* Organization Password

B.  The 527 PAC/POFD system does not capture information about an IRS employee.  The electronic version of the 8871/8872 data is stored internally on an Oracle database at TCC and the data is made available to IRS employees who have been given privileges to view and update parts of the data.   When a change is made to the database, information about the change and the user who made the change is recorded on an audit trail.

C.  527 PAC maintains an audit table to effectively trace user actions within the system.

Audit trails will include sufficient information to establish what events occurred and who (or what) caused them.  For each recorded event, the audit record (event record) shall identify:
* Date and time when the event occurred
* User ID associated with the event
* Copy of previous record before change

D.  None.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A.  Four BMF output files from Run 12044 are generated on the Unisys at ECC-MTB and sent to 527 PAC on a weekly basis.  The information consists of mailing addresses for each political organization.  It is used to ensure that the user identification and password, generated by 527 PAC, are sent to the proper destination.

B.  Paper versions of the 8871, 8872, 990 and attachments, submitted by political organizations to the Ogden Campus, are scanned into Adobe PDF format and transferred to 527 PAC. The file naming convention consists of the organization EIN, Form Name and Occurrence.  

C.  None.

D.  No other Federal Agencies provide data for 527 PAC/POFD system.

E.  No State or Local Agencies provide data for 527 PAC/POFD system.

F.  Data from the 8871 and 8872, that is entered by the political organization using the POFD website, is captured and transferred via FTP from POFD to 527 PAC at TCC.  The information is sent through a secured Virtual Private Network (VPN). 

3. Is each data item required for the business purpose of the system?  Explain.

Yes. The data items are required to meet a Congressional mandate to provide Political organizations, identified as Section 527 organizations, the ability to disclose their political activities by filing electronic or paper submissions of Forms 8871, 8872 and 990.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Paper 8871/8872/990 Forms are reviewed by Entity Research Group in Ogden Campus for accuracy, timelines, and completeness.   The forms are stamped with a date upon receipt, scanned, and transmitted to MITS4 Enterprise Computing Center Memphis ECC-MEM and then sent to POFD for posting before becoming available to the public.

Electronic 8871/8872 Forms are validated on the POFD website to adhere to established business rules before political organizations are able to successfully submit the forms. 

To ensure flawless transmission of the data, a verification process is performed to ensure that the number of records transmitted are intact and expected number of records are received.

5. Is there another source for the data?  Explain how that source is or is not used.

The paper filings of the 8871, 8872 and 990 are also stored on an in-house web site maintained by Western Development Center.  TE/GE Program Analyst and Entity Research use this web site to perform Quality checks on the scanned images.

The paper filings of 8871, 8872, and 990 as well as the electronic filings of 8871 and 8872 are stored on the POFD web site.

6. Generally, how will data be retrieved by the user? 

Entity Research Group personnel within the Ogden Campus have the ability to access the electronic 8871 and 8872 stored at TCC utilizing Oracle Forms.   They also can access the paper 8871, 8872 and 990 via an internal web site using a browser.  These users can retrieve the data by EIN or Name of Organization. 

Public users have the ability to access both the paper and electronic form 8871/8872/990 by either EIN or Name of Organization stored on POFD via a public web site.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

No.  Data is retrievable only by organization name and EIN. 

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Within IRS:
* System Administrators
* Database Administrators
* Application Users

There are three types of user roles with access to 527 PAC: System Administrator (SA), Database Administrators (DA) and Users.  SAs have the ability to install, upgrade, and maintain software, operating systems, and applications.  SAs also monitor the change control process, system security controls, and grant system access.  Database Administrators create and update database tables and indexes.  Users are responsible for the daily operations of the hardware, operating systems, installed applications, and the proper use of the security features.  Users, who have submitted an Online Form 5081 and have been given password permission to the system, will have access to the database information via a graphical user interface. 

Before contractors can access the system, they are subject to Mission Assurance and Security Services procedures based on contractor risk levels, depending on their role, and background investigations, which include: Low Risk (NACI), Moderate Risk (NACC), or High Risk (BI) where applicable.

External:
* Organization Web Users
* General public (web accessible output from Forms 8871, 8872, and 990 are viewable)

9. How is access to the data by a user determined and by whom? 

The application relies on the OS and RDBMS to prescribe not only who is to have access to a specific system resource but also the type of access that is permitted.  Logical access controls are implemented for software programs, data files, databases, and telecommunications access.  Managers base access control policy on the principle of least privilege, which states that users should be granted access only to the resources they need to perform their official function.  The manager will request a user be added.  They must fill out Online 5081, Information System User Registration/Change Request, to request access to the application.  A user’s access to the data terminates when it is no longer required.  Criteria, procedures, controls, and responsibilities regarding access are documented in the Information Systems Security Rules on Online 5081.  Assignments of individual and group permissions adhere to the provisions as outlined in the Internal Revenue Code 6103.

Access to resources is based on the following access criteria, as appropriate.
A.  Unique User Identity (User ID).

B.  Roles. Access to information is controlled by the job assignment or function.

C.  Access Mode. Common access modes, which can be used in operating or application systems, include read, write, execute, and delete. Other specialized access modes (more often found in applications) include create or search. These criteria are used in conjunction with one another.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Electronic 8871 and 8872 forms are identified and collected from POFD.  A file is created by 527 PAC and sent to ECC-MTB for processing through General Mainline Framework (GMF) and posting to the Business Master File (BMF).  The data shared includes:

Form 8871: 
* DLN,
* EIN,
* Tax Period,
* Filing Reporting Type (Initial, Amended, Final),
* Received Date,
* Street Address Line 1, Street Address Line 2,
* City, State, Zip Code,
* Exemption from filing F8872 Code
* Exemption from filing F990 Code 

Form 8872: 
* DLN, 
* EIN,
* Tax Period,
* Filing Reporting Type, (Initial, Amended, Final,  Change), 
* Received Date,
* Street Address Line 1, Street Address Line 2
* City, State, Zip Code,
* Report Type  (1st/2nd/3rd/4th Quarter, Mid Year, Pre/Post Election and End of Year)
* Total Contribution,  
* Total Expenditure  

The paper 8871, 8872, and 990 forms are received by the Ogden Campus and scanned into an Adobe PDF format.  These images are transferred to 527 PAC and then sent to POFD.

On a weekly basis, a file is created for every new 8871 record containing a list of generated user id’s and passwords.  This file is ftp-ed to ECC-MTB and incorporated into a notice facsimile, routed to the printers at the Ogden Campus and mailed to the PAC organizations.

The access credentials are also sent to POFD so that political organizations can log into the website and report their contributions using Form 8872.

Updates made to the electronic version of the 8871 and 8872, are ftp-ed to POFD.

The application relies exclusively on the OS, RDBMS, and site MITS 4 ECC-MEM GSS for logical access controls.  The specific IRS applications that interface and exchange information with 527 PAC include:

* General Mainline Framework (GMF)
* Business Master File (BMF)

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Certification and Accreditation (C&A): 

The following systems hold a current Certification and Accreditation in the Mission Assurance Master Inventory:
* BMF (C&A approved on 8/20/2004, expiring on 9/10/2006)

The following systems do not have a current Certification and Accreditation in the Mission Assurance Master Inventory:
* GMF

Privacy Impact Assessment (PIA): 

The following systems hold a current Privacy Impact Assessment in the Office of Privacy PIA Inventory:
* GMF (PIA approved on 8/31/2004, expiring on 8/31/2007)
* BMF (PIA approved on 8/22/2003, expiring on 8/22/2006)

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Prior to the disposal or transfer of a system, sensitive data and software is removed/eliminated from the memory and external storage devices.

Hard copy media that is no longer required or needed is disposed of (e.g., shredded, burned).  Data sets that are no longer required or needed are destroyed or eliminated in accordance with prescribed IRM and LEM procedures, specifically media protection policy and procedures are formally documented in IRM 10.8.1 and IRM 1.15.2, Records Management.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes (for groups).  The business purpose of the system is to provide a repository for the 8871, 8872 and 990 information filed by political organizations and is used for research purposes.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Yes (for groups).  The system provides the capability to monitor filings of political organizations to support the business purpose of the system.  The Functional Security Coordinator and System Administrators monitor the history files for any unauthorized actions on the part of a 527 PAC User. 

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

All taxpayers will be treated equally.  All 8871, 8872, and 990 data, whether sent in by paper or electronic form, are processed and stored using the same automated method and all information is made available for public viewing via the POFD website.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The system does not make determinations.  All 8871, 8872 and 990 data, whether sent in by paper or electronic form, are processed and stored using the same automated method and all information is made available for public viewing via the POFD website.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

527 PAC is a UNIX based application.  527 PAC does not use persistent cookies.  POFD is a web-based system but does not use persistent cookies or other tracking devices.   However, when a political organization files electronically via POFD, they are identified by their login upon accessing the system.  POFD also uses a tool called web-trend to gauge the number of web pages that have been viewed.

 


Page Last Reviewed or Updated: April 11, 2006