Privacy Impact Assessment – Department of Labor Standards Enforcement (DLSE)

DLSE System Overview

The Department of Labor Standards Enforcement (DLSE) application automates the research for federal employment tax requirements in an accurate and timely fashion.  DLSE is primarily used to process information submitted by business owners from the California garment, agricultural and car washing industries.  These industries must be cleared by the IRS in order to successfully operate.

System of Records Number(s) 

Treasury/IRS 34.037 IRS Audit Trail and Security Records System
Treasury/IRS 24.046 CADE Business Master File (BMF)

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer - The data stored in DLSE contains taxpayer ID (TIN), and either Federal Employer Identification Number (EIN) or Social Security Number (SSN).  DLSE also may contain Business name, address, license # (if applicable), telephone numbers and tax year.  All of this information comes from the State of California’s Department Of Industrial Relations Garment Manufacturing Registration Application Proof of Tax Filing and Payment (Form 8821), Application For Registration - Garment Manufacturing Industry (Form 810), Application for Farm Labor Contractor License (Form 401) and Car Washing and Polishing Registration Application (Form 666).

B.  Employee – None.

C.  Audit Trail Information – The DLSE application itself does not require a separate login.  The user is granted a shortcut to the application on his or her desktop so that logging onto the IRS network equates to access to DLSE.  The following IRS network user activities are logged and the data reviewed by the Modernization and Information Technology Services (MITS) security team on an ad hoc basis:
* logon/logoff by User ID
* password change
* create/delete/open/close file name
* program initiation
* all SA and database administrator (DBA) actions.

D. Other – None.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS - None.

B. Taxpayer – Taxpayers complete Form 8821, 810, 401 or 666 and send it to the IRS for processing.  The data stored in DLSE contains TIN, EIN or SSN.  DLSE also may contain Business name, address, license # (if applicable), telephone numbers and tax year.

C. Employee – None.
D. Other Federal Agencies – None.
E. State and Local Agencies – None.
F. Other third party sources – None.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  The data are used to determine compliance with Department of Labor standards. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

DLSE users manually compare the reports to ensure accuracy, timeliness and completeness of each data item on a weekly basis.  A monthly Embedded Quality Review System (EQRS) quality review also takes place.

5. Is there another source for the data?  Explain how that source is or is not used.

No.  There is no other source for the data.

6. Generally, how will data be retrieved by the user? 

Data may be retrieved by Federal EIN, SSN or by taxpayer name.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  Data may be retrieved by Federal EIN, SSN or by taxpayer name.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Users, Managers, System Administrators, and Developers have access to the data.

9. How is access to the data by a user determined and by whom? 

Approval for access is determined by supervisor.  There is no OL5081 approval process.  Instead, the supervisor requests access for an employee from the system administrator.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.  No.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Not applicable.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

DLSE data is archived compliant with Ogden Campus IRM retention policy.  Since the initiation of the application, the business unit has not had a need to perform data removal.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Yes.  If the taxpayer is in compliance with federal requirements, a license is provided giving the taxpayer the authority to operate.  Negatively affected parties may respond to a negative determination prior to final action by resubmitting the required form.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No.