Privacy Impact Assessment  – Payment Tracer Application

PTA System Overview:

The program is used by Payment Tracer Units to substantiate disputed payments.  The user inputs a DLN (document locator number) of the payment and it is checked against two Error Resolution runs.  If the DLN is not located, it is sent to the Enterprise Computing Center, Martinsburg (ECC-MTB – formerly MCC) and the Enterprise Computing Center, Memphis (ECC-MEM – formerly TCC) and a DLN search is performed on the entire Master File.  If the DLN is still not located, it is entered into the Payment Tracer database for additional inventory and research purposes.       

System of Records Number(s):

Treasury/IRS 36.003 General Personnel and Payroll Records
Treasury/IRS 34.037 IRS Audit Trail and Security Records System
Treasury/IRS 26.019 Taxpayer Delinquent Accounts (TDA)   
Treasury/IRS 24.046 CADE Business Master File (BMF)
Treasury/IRS 24.030 CADE Individual Master File (IMF)
Treasury/IRS 00.001 Correspondence Files (including Stakeholder Relationship files) and Correspondence Control Files

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer: Taxpayer Identification Number (TIN), original TIN, new TIN, name control, DLN, DLN type, transmit date, processing years, control day, control date, payment amount, payment date, bank name, tax period, MFT, cycle, transaction date, and transaction code.

B. Employee: Payment Tracers contains the employee ID number of the employee working the case.

C. Audit Trail Information: The Payment Tracer application is located at ECC-MEM and resides on two SUN UNIX servers: TS00002B and TS00002E.  The application collects the employees’ log-in information. 

D. Other: The control date and comments about the case are entered by the employee.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS: All data elements except the DLN, bank name, employee number, control date, and comments obtained from Error Resolution runs ERS 1101 and ERS0505 and Master File extracts.

B. Taxpayer: The DLN and bank name are obtained from the taxpayer.

C. Employee: Payment Tracers contains the employee number, control date, and comments about the case from the employee working the case.

D. Other Federal Agencies: No other Federal Agencies provide data for Payment Tracers.

E. State and Local Agencies: No State and Local Agencies provide data for Payment Tracers.
F. Other Third Party Sources: No third party sources provide data for Payment Tracers.

3.  Is each data item required for the business purpose of the system?  Explain.

Each data item is required to identify and locate the correct payments.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Only information provided by the taxpayer or IRS is used.  The application verifies the data against Error Resolution runs and Master File extracts for accuracy and completeness.  There is no timeliness issue.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

The data is generally retrieved when an employee enters the DLN into the system. 

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

The data is retrievable by entering the TIN into the system.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Users and Managers in the Payment Tracer Units have access to data in the system.  Access to the data is determined by the Manager based on a user’s position and need-to-know basis as part of his/her official duties.

9. How is access to the data by a user determined and by whom? 

* Level of access to the data is determined by the Manager based on a user’s position and need-to-know.
* The manager will request that users be granted access to the application, added, or deleted via online Form 5081, Information System User Registration/Change Request.  A user’s access to the data terminates when it is no longer a required part of his/her  official duties.
* Criteria, procedures, controls, and responsibilities regarding access are documented in the Information System Security Rules on Form 5081. 

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

The DLN, processing year, control day, original TIN, and new TIN are provided by the Error Resolution runs.  The DLN, TIN, name control, tax period, MFT, cycle, transaction date, transaction code, and control date are provided by Master File.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Error Resolution and Master File are Unisys runs.  The Unisys System is approved under the Service Center Support System PIA.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

* Data sent to ECC-MTB is generated monthly and overlays the previous month’s data.  This specification was built into the application.   
* Data from the Error Resolution runs is maintained for 20 years and then purged from the system.  This specification was built into the application. 
* Data received from ECC-MTB is maintained by the users until the case is closed and then deleted.  This selection is user-based and described in the Payment Tracer User’s Guide.    
* Data input by the user is maintained until the case is closed, then removed to an archive table for one year before being purged from the system.  This specification was built into the application.

Staff are finalizing administrative processes, including a scheduling of these records
 
14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

No, the system is not used to identify or locate individuals or groups.  The system is used to locate payments made by taxpayers.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No, the system does not provide the capability to monitor individuals or groups.  

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No. Payment Tracers is designed to facilitate a required manual process.  There is no disparate treatment of individuals or groups. 

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The application is used to identify lost, missing, or misapplied payments.  With the help of this program, taxpayers’ accounts can be corrected and made whole before any harm or action is taken.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The system is not web-based.  The application’s interface is web-based and is only accessible to IRS Hard Core Payment Tracer Function users.  The system does not use any cookies or tracking devices other than the login-id that allows users access to the application.