Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Taxpayer Advocate Service Training & Reg Sys

 

Privacy Impact Assessment – TAS Training and Registration System (TTRS)

Purpose of the System: 

The TAS Training & Registration System was designed to permit training/meeting registration for employees through a web-based application to include emergency contact information, estimated travel costs, class selections, if applicable, and creation of rosters and individualized agendas.

Features:
* User registration data is downloaded from the Discovery Directory based on the IRS LAN Logon;
* User registration data screen allows for changes;
* Captures emergency contact data, including medical awareness notes, evacuation assistance requests, lodging information, and special accommodation request;
* Secures travel cost information;
* Contains a course selection screen for cafeteria style events;
* Provides individualized scheduling to accommodate class conflicts for cafeteria style and multiple offerings of mandatory sessions;
* Allows user to edit information at a later date.

System of Records Number(s)  

 Treasury/IRS 34.037 Audit Trail and Security Records System
 Treasury/IRS 36.003 General Personnel and Payroll Records
 Treasury/IRS 38.001 General Training Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

Key:
M = Mandatory
V = Voluntary
N/C = not currently captured by the system. 

A. None

B. Employees are required to use this system if they will be attending the training event.   User Fields:  FName(M), MidInit(v), LName(M), POD(M), Title(M), Series(M), Grade(M), Work Phone(M), SEID(M), NTLogon(M), Manager (Are you a Manager?)(M), SuperName(M), SuperPhone(M), Email(M), timisCode(M).  Emergency Contact Fields:  CName(M), cDayPhone(M), cEvePhone(M), CRel(M), MedNotes(V), EvacNotes(V), SugHotel(M), AltHotel(V), AtlHotelPhone(V).  Travel Costs Fields:  AirLine(M), Mileage(M), MiscCost(M)

C. _SQLsession:  sessionDate, lastActionDate, NTLogon, rmIP  _AppLog:  actionDate, actionItem, NTUser.

D.   ArriveDepart Table – identifies user based on User ID, allows for input of week selected if applicable, user input of arrival/departure dates(M), ids event by event number.  Courses Table – allows for input of courses offered at event.  Course Type allows administrator to set type of course ie.  Mandatory, Cafeteria, etc.  CPEStat – not used, Custom Reports – not used, Event – allows administrator to set up an event on the system.  Event Type – Allows administrator to set the type of the event.  OpenEnroll – set fiscal year, also has SugHotel.  PODinfo – table identifying POD Name to POD Codes.  PreRegister, SelectedCourses, tempCseAssign – used when assigning courses in cafeteria style event.  SysAdmins – sets system administrators.  UserTypes – identifies whether user is instructor, staff, exhibitor or student.  Weeks – in “mirror” events – identifies which week user is attending.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS – User Info is obtained from the discovery directory based upon NTLogon.
B. None.
C. Emergency Contact and Travel Cost data is input by the employee.
D. None
E. None
F. None

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  The student info, manager info, office info is needed in order to enroll in the course and contact the employee/student, and to inform the manager of enrollment.  Job series and level are required for those courses that are restricted by job series and grade.  SEID is used in lieu of SSN to properly credit the employee/student taking a course. 

Emergency contact info is required because employee is off-site and, in an emergency, instructors would need to have this information. 

Flight and hotel information is required to be able to account for employees and contact them if necessary while they travel out of the office.  Medical information is voluntary and requested only if the employee requires additional assistance.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Users are able to verify their data each time they register for an event.  System Administrator uses access to download data from the event and compares to known attendee listing.  Users identifying special needs are contacted for further information.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

User can edit information if there are changes, but otherwise, the information is used by the System Administrator to create reports, agendas, name badges, and as a stand alone system at the event itself in the event of an emergency.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

The system uses the SEID Logon (NT Logon) to identify the user, and the user can only see their data except for system administrators, who are IRS employees. 

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

The system uses the SEID Logon (NT Logon) to identify the user, and the user can access only their own data.  Managers access only their own data, not that of their employees.  System administrators access data related to enrollment and use it for administrative purposes only.

9. How is access to the data by a user determined and by whom? 

The system uses the SEID Logon (NT Logon) to identify the user, and the user can only see their data except for system administrators.  System Administrators are determined by TAS Director, Employee Development.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Discovery Directory data is used to fill in employee information based on login and password.  No other systems provide or receive data from the TAS Training and Registration System.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Emergency Contact data is deleted by the system administrator within three (3) business days following the completion of the event. 

IRM 1.15.20 – provides for training program files “Destroy 2 years after completion of course, except selected overall records of training which may be retained until no longer needed in current operations.”  Item 72. provides for Training and Development Records of Individuals, “Destroy when no longer needed in current operations.”  At the end of each fiscal year, the TAS Director, Employee Development, will make this determination.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

This system does ask if a special accommodation is required by the attendee such as a sign language interpreter, wheelchair etc.  This is a yes/no question – a listing is generated and the employee is contacted via their manager – the only information captured is yes/no.  The system allows the user to include medical information or request evacuation assistance in the event of an emergency.  The medical information is kept only for medical emergency purposes, and the evacuation assistance information is provided to the facility security department in paper form.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  N/A

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

No, the system does not use cookies or any other method to track the user.  It uses a standard SQL Server database with security configuration set for NT authentication.  It identifies users by their SEID Logon (NT Logon).
 


Page Last Reviewed or Updated: April 27, 2006