Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Business Measures Data Mart

 

Privacy Impact Assessment – Business Measures Data Mart

BMDM System Overview:

BMDM is an integrated product that provides both a database and a web interface and was designed as a single source for Management Information System (MIS) data concerning Small Business/Self Employed (SB/SE) operations nationwide.  The BMDM system is a Data Mart application used to display balanced measures calculated from data captured from other sources.

System of Records Number(s): 

Treasury/IRS 24.013 Combined Account Number File
Treasury/IRS 24.029 Individual Account Number File
Treasury/IRS 24.030 CADE Individual Master File
Treasury/IRS 24.046 CADE Business Master File
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer –The BMDM system does not contain individually identifiable taxpayer information. 

B. Employee –The BMDM system contains employee User IDs and passwords, which verify the level of access to the system.

C. Audit Trail Information – User/employee actions are tracked by Standard Employee Identifier (SEID) by Security Audit and Analysis System (SAAS)

D. Other - none

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
Answers in 1, above say there is no taxpayer or employee data in the system.  What info is gathered from the files listed  in A, here?

A. - IRS – The BMDM system receives measurement and workload indicator data files from the MIS Data Warehouse (MISDW), Audit Inventory Management System (AIMS), Collection Activity Reports (CAR), National Quality Review System (NQRS), Combined Annual Wage Reporting (CAWR), Workload Planning and Control (WP&C), Summary Examination Time Transmission System (SETTS), Examination Quality Measurement System (EQMS), Collection Quality Measurement System (CQMS), Management Information System for Top Level Executives (MISTLE), Automated Substitute for Return (ASFR), Information Returns Program Case Analysis System (IRPCA), Enterprise Telephone Data (ETD), Quality Review Database (QRDB), and Electronic Funds Transfer Program System (EFTPS).

B. Taxpayer – The system does not receive information directly from the taxpayer

C. Employee – The BMDM system contains employee UserIDs and passwords, which verify the level of access to the system.

D. Other Federal Agencies – The BMDM system does not obtain data from other Federal Agencies.

E. State and Local Agencies – The BMDM system does not obtain data from State or Local Agencies.

F. Other Third Party Sources – The BMDM system does not obtain data from other third party sources.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  BMDM is a Data Mart application used to display balanced measures calculated from the particular data obtained.  All data items are required to populate the balanced measures, critical measures, diagnostic indicators and workload indicators for SB/SE

4. How will each data item be verified for accuracy, timeliness, and completeness?

The BMDM database contains extracts from existing IRS legacy systems, each of which has its own internal validation and verification processes.  This provides the ability to compare the actual data extract to the data contained in the BMDM for verification when required.

5. Is there another source for the data?  Explain how that source is or is not used.

No.  There are no other sources for the warehoused data. 

6. Generally, how will data be retrieved by the user? 

User interaction is through a web interface using Internet Explorer or an Excel Data Query.  Users will access the data contained in the BMDM system through a browser interface.  BMDM users go through their local LAN to the IRS Data Communication Utility (DCU) and then into the host server at the Austin MIS Office.

The following operating rules and design features are specific to the BMDM system:

Only summary MIS information is available to end users; individual taxpayer identifiers and/or account information are not in the BMDM system.

Only balanced/critical measures are available to end users at organizational levels below the business operating division (national) level.
 
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

No.  The BMDM system does not provide the functionality for end users to retrieve data using a personal identifier.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

The BMDM system has approximately 50 users, ranging from the IRS Commissioner and executives, to territory managers and planning and analysis staffs.

9. How is access to the data by a user determined and by whom? 

A user’s position and “need-to-know” determine the type of access to the data.  The manager, functional security coordinator and the System Administrator (SA)/security officer grant approval for system access.  A user’s access to the data terminates when it is no longer required

The BMDM platform requires users to identify themselves and provide proof of their identity by UserID and password.  UserIDs are unique to each user.  In general, users do not have access rights to the system drive where operating system resources are stored.

However, System Administrators have global access rights within a domain.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes.  The BMDM system receives data from:

* Audit Information Management System (AIMS)
* Summary Examination Time Transmission System (SETTS)
* Examination Quality Measurement System (EQMS)
* Work Planning and Control (WP&C)
* Management Information System for Top Level Executives (MISTLE)
* Automated Substitute for Return (ASFR)
* Collection Activity Reports (CAR)
* Information Returns Program Case Analysis System (IRPCA)
* Enterprise Telephone Data (ETD)
* Quality Review Database (QRDB)
* Electronic Funds Transfer Program System (EFTPS).
* National Quality Review System (NQRS)
* Collection Quality Management Systems (CQMS)
* Business Performance Management System (BPMS)

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Only AIMS, ASFR, ETD, EFTPS, BPMS have current PIAs.

12.  Will other agencies provide, receive, or share data in any form with this system?

No.  Other agencies will not share or have access to the BMDM data.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

After the five year retention period is over in accordance with IRM 1.15.17 the media must be overwritten or degaussed before it can be submitted for destruction.  Local procedures are in place for having outdated data diskettes and CDs sent to the Annex for proper destruction through a shredder.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. 

No.  The BMDM system is not using technology in a new way.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

No.  The BMDM system does not have the capability to identify or locate individuals or groups of people.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No.  The BMDM system does not have the capability to monitor individuals or groups of people.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  The BMDM system does not allow IRS to treat taxpayers, employees or others differently.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The BMDM database has no negative effects on the due process rights of taxpayers or employees.   The BMDM database is a data repository for MIS information, not a case processing or case management tool.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

No.  The BMDM system does not use persistent cookies or other tracking devices to identify web visitors.  Only internal IRS employees will use the system. User/employee actions are tracked by Standard Employee Identifier (SEID) by Security Audit and Analysis System (SAAS).  Session cookies contain a unique identifier that can allow the Employee User Portal (EUP) web server to properly identify the user’s web client application only.  No personally identifiable or sensitive information is stored in client-side cookies.  The session cookie is destroyed when the user/employee terminates their web browser client, logs out of the application, or when the session timeout period has elapsed due to inactivity, whichever occurs first.
 


Page Last Reviewed or Updated: November 17, 2006