Federal Unemployment Tax Act

IRS Resources

Federal Unemployment Tax Act

Privacy Impact Assessment - Federal Unemployment Tax Act (FUTA)

FUTA System Overview:

The Federal Unemployment Tax Act (FUTA) application is a cooperative effort between 53 possessions and states, and the federal government for the administration of unemployment insurance. The IRS is responsible for receiving and processing the Employer’s Annual Federal Unemployment Tax Return (Form 940). Revenue is deposited into the FUTA Trust Fund and the computerized FUTA certification program is the method the IRS uses to verify with the states that the credit claimed on the Form 940 was actually paid into the states’ unemployment program. There is up to $4,000,000 of potential assignments made through this reconciliation process.

I. Data in the System

1. Generally describe the information to be used in the system in each of the following categories:

* Taxpayer: Taxpayer information is provided on Form 940 and Schedule H.
* Employee: Name, work schedule, assignment numbers, work address and the employee’s profile.
* Other: The Document Locator Number (DLN) and various codes (i.e., freeze codes, return condition codes) and indicators.

2. What are the sources of the information in the system?

Information for the FUTA data files is retrieved from the Enterprise Computing Center -Martinsburg (MTB) Business Master Files (BMF) and Individual Master Files (IMF) databases.

a. What IRS files and databases are used?

BMF is used for Forms 940 and 1041.
IMF is used for Forms 1040, Schedule H.

b. What Federal Agencies are providing data for use in the system?

No Federal Agencies provide data for use in the FUTA.

c. What State and Local Agencies are providing data for use in the system?

No State or Local Agencies provide data for use in the FUTA.

d. From what other third party sources will data be collected?

No third party sources provide data for use in the FUTA.

e. What information will be collected from the taxpayer/employee?

* Taxpayer: Taxpayer information is provided on Form 940 and Schedule H.
* Employee: Name, work schedule, assignment numbers, work address and the employee’s profile.

3. a. How will data collected from sources other than IRS records and the taxpayer be verified for accuracy?

Manual intervention by using research tools available and information provided by the taxpayer is used to verify each item for accuracy, timeliness, and completeness as well as yearly master file updates to the system.

b. How will data be checked for completeness?

c. Is the data current? How do you know?

4. Are the data elements described in detail and documented? If yes, what is the name of the document?

Yes, the data elements are documented in the FUTA Functional Specification Package (FSP).

II. Access to the Data

1. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?

The following personnel will have access to the data in the FUTA:
* FUTA Users
* FUTA System Administrator(s) (SA)/Database Administrator(s) (DBA)
* FUTA Developers
* National Office (NO) Program Analysts

2. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?

Management determines access to FUTA. A completed Form 5081 must also be approved and submitted before any user will be provided access to FUTA. Access will be immediately terminated when the user no longer requires access to FUTA.

THE FOLLOWING MANDATORY RULES ARE DEFINED FOR USERS OF IRS COMPUTER AND INFORMATION SYSTEMS:
* Users are forbidden to access, research, or change any account, file, record, or application that is not required to perform official duties.

* Users are restricted to accessing, researching or changing only accounts, files, records or applications required to perform their official duties.

* Users are restricted from accessing their individual/spouse account, accounts of relatives, friends, neighbors, or any account in which the user has a personal or financial interest. Users are restricted from accessing the accounts of a famous or public person unless given authorization.

* If asked to access an account or other sensitive or private information, users are required to verify that the request is authorized and valid. Users will be held accountable if they access an unauthorized account.

* Users are required to protect passwords from disclosure and to refuse acceptance of passwords that are not delivered in a sealed envelope. Users are required to log/sign off anytime they leave the computer or terminal.

* Users are required to retrieve all hard copy printouts in a timely manner, ensure magnetic media is secured based on the sensitivity of the information contained, and practice proper labeling procedures. Users are instructed not to disclose or discuss any IRS-related information with unauthorized individuals.

* Users are instructed to protect IRS employee internal work telephone numbers from disclosure.

* All vendors are to be escorted and monitored.

Yes, there is documentation of all users who access FUTA.

3. Will users have access to all data on the system or will the user’s access be restricted? Explain.

Users access to FUTA is provided on a need to know basis. Users are restricted to data by profile.

4. What controls are in place to prevent the misuse (e.g., browsing) of data by those having access?

System security is afforded by the UNIX operating system security levels, which make it possible to closely control an individual’s access. FUTA users only have access to data that has been authorized to them. User profiles make it possible for the SA/DBA to control who has access to the FUTA and audit functions track all request-related activity.

* Users are restricted to accessing, researching or changing only accounts, files, records or applications that are required to perform their official duties.

System access and browsing operations are tracked by audit mechanisms to detect the misuse of access privileges by system users.

5. a. Do other systems share data or have access to data in this system? If yes, explain.

Yes, the BMF and IMF share data or have access to data in FUTA. The access is limited to Schedule H information.

b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?

The Commissioner of the IRS.

6. a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?

No other agencies share data or have access to data in FUTA.

b. How will the data be used by the agency?

This question is not applicable since other agencies do not use data in the FUTA.

c. Who is responsible for assuring proper use of the data?

This question is not applicable since other agencies do not use data in FUTA.

d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?

This question is not applicable since other agencies do not use data in FUTA.

III. Attributes of the Data

1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

Yes, the FUTA Certification Program is the method the IRS uses to verify with the states that the credit claimed on the Form 940 and/or Schedule H was actually paid into the states’ unemployment funds.

2. a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

Yes, FUTA will derive new data through the changes made to the master files (BMF and IMF) regarding assessments and abatements. Some of the data in FUTA is SBU and protected accordingly. The next higher level of sensitivity according to Treasury would be LOU (DoD confidential). Personnel data is not considered classified information.

b. Will the new data be placed in the individual’s record (taxpayer or employee)?

Yes, the new data will be placed in the taxpayer/employee’s record.

c. Can the system make determinations about taxpayers or employees that would not be possible without the new data? No.

d. How will the new data be verified for relevance and accuracy?

The new data will be verified through manual means by research tools and the information provided by the taxpayer.

3. a. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?

There is no data consolidation in the system.

b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain

There are no processes being consolidated.

4. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.

All FUTA data is retrieved from the Employer Identification Number (EIN).

5. What are the potential effects on the due process rights of taxpayers and employees of:

a. Consolidation and linkage of files and systems;

5U.S.C.552a and 26U.S.C.

b. Derivation of data;

5U.S.C.552a and 26U.S.C.

c. Accelerated information processing and decision making;

Accelerating the data process enables the FUTA users to conduct the analysis of taxpayer related information in a more timely manner. The accelerated process adheres to 5U.S.C.552a and 26U.S.C.

d. Use of new technologies;

The FUTA configuration is not a new technology. The application server is hosted on a SUN Enterprise E10000 Server with UNIX OS.

How are the effects to be mitigated?

There are no effects to be mitigated.

IV. Maintenance of Administrative Controls

1. a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.

The FUTA does not affect the equitable treatment of taxpayers/employees. The IRS has established the following operational guidelines for the handling of taxpayer information:
* Protecting taxpayer privacy and safeguarding confidential taxpayer information is a public trust.

* No information will be collected or used with respect to taxpayers that is not necessary and relevant for tax administration and other legally mandated or authorized purposes.

* Information will be collected, when practicable, directly from the taxpayer to whom it relates.

* Personally identifiable taxpayer information will be used only for the purpose for which it was collected, unless other uses are specifically authorized or mandated by law.

* Personally identifiable taxpayer information will be disposed of at the end of the retention period required by law or regulation.

* Taxpayer information will be kept confidential and will not be discussed with, nor disclosed to, any person within or outside the IRS other than as authorized by law and in the performance of official duties.

* Browsing, or any unauthorized access of taxpayer information by any IRS employee, constitutes a serious breach of the confidentiality of that information and will not be tolerated.

* Requirements that govern accurate, reliable, complete, and timely taxpayer information will ensure the fair treatment of all taxpayers.

* The privacy rights of taxpayers will be respected at all times and every taxpayer will be treated honestly, fairly, and respectfully.

b. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?

The FUTA is installed and operated only at the Enterprise Computing Center – Memphis (MEM).

c. Explain any possibility of disparate treatment of individuals or groups.

This question is not applicable for FUTA.

2. a. What are the retention periods of data in this system?

The FUTA retains the files, which contains the taxpayer data per the General Records Schedule (GRS) 20 (IRM 1.15.3, Chapter 20), Electronic Records, IRM 1.15.1, Records Administration Handbook, and IRM 1.15.2, Records Disposition Handbook. The FUTA files which contain the TINs and the Forms 5081, which contain employee data are retained through normal system backup procedures for 7 years for the audit trails.

b. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?

Procedures for eliminating data at the end of the retention period are found in OMB Circular A-130 requirements as described in General Records Schedule (GRS) 20 (IRM 1.15.3, Chapter 20), Electronic Records, IRM 1.15.1, Records Administration Handbook, and IRM 1.15.2, Records Disposition Handbook.

c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

The information comes from the taxpayer initially. The FUTA receives a yearly download and the state agencies are contacted for updated information to resolve the discrepancy between state and federal related information. The taxpayers are contacted to explain discrepancies identified in the program and information provided by the taxpayers are included.

Office of Management and Budget (OMB) A-123 requires the integrity of the data remains intact while still in the system. While the data is still in the system, the FUTA application and the operating system for the E10K maintaining the access controls will ensure the integrity of data. If, for some reason (e.g., power blink, disk failure, etc.,) the databases become corrupt, the data can be retrieved from the back up tapes. Validity of the data is checked after it is written to the tape.

3. a. Is the system using technologies in ways that the IRS has not previously employed (e.g., Caller-ID)?

The FUTA is not using technologies in ways that the IRS has not previously employed.

b. How does the use of this technology affect taxpayer/employee privacy?

This question is not applicable since the FUTA is not using technologies in ways that the IRS has not previously employed.

4. a. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

The FUTA is not used to identify, locate, or monitor individuals.

b. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.

The FUTA does not provide the capability to identify, locate, and monitor groups of people.

c. What controls will be used to prevent unauthorized monitoring?

This question is not applicable since the FUTA does not monitor individuals or groups.

5. a. Under which Systems of Record notice (SOR) does the system operate? Provide number and name.

The following SOR notices are covered by FUTA:

Treasury/IRS 22.061 Wage and Information Returns Processing Files
Treasury/IRS 24.030 Individual Master File
Treasury/IRS 24.046 Business Master File
Treasury/IRS 34.020 Audit Trail Lead Analysis System

b. If the system is being modified, will the SOR require amendment or revision? Explain.

FUTA application process is not being modified, but the database back-end is being converted from Informix to Oracle.

Page Last Reviewed or Updated: September 20, 2006