Privacy Impact Assessment – Database Sharing from the Centralized Authorization File (CAF) to Automated Collection System (ACS)
CAF to ACS System Overview
This system assigns unique identifiers to Authorized Representatives (Power of Attorney form 2848) and appointees (Tax Information Authorization form 8821) and maintains the data with linkages to the appropriate taxpayer accounts and tax modules. It is a part of Integrated Data Retrieval System (IDRS) processing. The Automated Collection System (ACS) programming allows ACS to directly interface with the Centralized Authorization File (CAF). This interface allows ACS to generate letters to the appropriate POAs for accounts with a CAF indicator and eliminate the need for IDRS research with regard to CAF contact information. Currently this is a manual process where users must research the CAF on IDRS for authorized representative contact information, manually notate the data on the ACS screen and send a letter to that address. This functionality is required for systemic and realtime input of letters.
System of Records Number(s)
Treasury/IRS 24.030 CADE Individual Master File (IMF)
Treasury/IRS 24.046 CADE Business Master File (BMF)
Treasury/IRS 26.019 Taypayer Delinquent Accounts
Treasury/IRS 34.037 IRS Audit Trail & Security Records
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. TIN, File Source, MasterFile Tax, Tax period.
B. None
C. This database sharing utilizes the IDRS Audit Log; and using Desktop Integration functionality to perform tasks. There is an audit sign on report and IDRS audit trail of actions taken on IDRS and ACS
D. Extract include names, professional status (whether an attorney, CPA, enrolled agent, unenrolled return preparers) and contact information for practitioners who have filed form 2848.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. All information will be secured from the Centralized Authorization File (CAF), an IRS Database/System. The information in the CAF is secured from forms prepared and submitted by practitioners.
B. None
C. None
D. None
E. None
3. Is each data item required for the business purpose of the system? Explain.
Yes. The requested extract will only contain the information that is needed to identify and contact the practitioner and identify their professional status and other level of authorization.
4. How will each data item be verified for accuracy, timeliness, and completeness?
Contact information is updated by CAF upon receipt of new request from taxpayer by form 2848.
5. Is there another source for the data? Explain how that source is or is not used. No.
6. Generally, how will data be retrieved by the user?
As a user accesses the account the data will be pulled from the CAF and displayed on screen.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes, the accounts are accessed by TIN.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Users, Managers, System Administrators will have access to the data by accessing ACS by account.
9. How is access to the data by a user determined and by whom?
Authorization for ACS is provided through Resource Access Control facility and “DataBase 2”. Users cannot update CAF data. Users only access ACS to resolve Taxpayer Delinquent Account and Taxpayer Delinquent Investigation issues.
10. Do other IRS systems provide, receive, or share data in the system? List the systems and describe which data is shared.
IDRS: Individual and Master File Data
ACS: Delinquent account data; delinquent return data extracted from IDRS; Power of Attorney (POA) data; payments, closing information, history.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
IDRS – C&A 7/04; PIA approved 5/27/05
ACS - C&A 10/14/05; PIA approved 7/15/03
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
There is no retention period. The only data that will remain is the phone number populated on the ACS Entity screen. Users are only viewing the data in CAF via a screen to assure that the Authorized Representatives and appointees are correct and current before generating letters, and only for accounts with a CAF indicator.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Yes. It increases our accuracy in adhering to statutory requirement. Checks are built into all tax systems to prevent premature or inappropriate actions taken against taxpayers. They are duly notified and given opportunities and means to address issues.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? N/A
|
