Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Photocopy Fee Refund

 

Privacy Impact Assessment – Photocopy Fee Refund

PHOREF System Overview:

To allow photocopy fee refunds to be issued to the taxpayer from the Financial Management System (FMS).  The database retains multiple years of data for any refund issued and also information regarding the photocopied case.  Once a week, throughout this system, all refunds for the prior week are downloaded to Accounting. Tapes are validated and released to FMS.

System of Records Number(s) (SORN) #: 

Treasury/IRS 34.037 IRS Audit Trail and Security Records System
Treasury/IRS 24.046 CADE Business Master File
Treasury/IRS 24.030 CADE Individual Master File
Treasury/IRS 00.001 Correspondence Files

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

Taxpayer: The taxpayer does not utilize the Photocopy Fee Refunds (PHOREF) application.  The taxpayer submits written request and fee amount for copy(ies) of one or more prior tax returns to the Internal Revenue Service (IRS).  This information is entered into a database, external to the PHOREF application, and then processed.

If the investigator/processor cannot locate the tax return(s), a request is generated to refund the taxpayer’s fee amount.  The process to refund the taxpayer’s fee amount is what encompasses the PHOREF application and its process.  To execute this process, the IRS requires personal information such as Social Security Numbers (SSNs), name, address, amount of refund and refund date to generate a check for the amount of the submitted fee and to return the fee to the taxpayer.

Employee: IRS employees manually input Taxpayer data into the PHOREF application.  Users are, therefore, required to login to the NUMA-Q system hosting the PHOREF application using login identification (ID) and password.  Furthermore, when making entries into the PHOREF database, IRS employees are required to enter their caseworkers Integrated Data Retrieval System (IDRS) number and any pertinent remarks that support the tax fee refund process.  Other employee information may be derived from profiles used to create system accounts that are required not only for application use, but maintenance of the system.  Such information includes login ID and names of application users and system support personnel.

Audit Trail: Information is collected from employees who are authorized to log on and work and process photocopy refund requests.  This information is tracked via audit trails on the 5081 system; audit trails contain the employee's number, which is used to assign and monitor cases for a particular employee.

Other:  There is no other data utilized in this process.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

a. The PHOREF application uses system and database files required to process the refund request (for example, host files on the system required for authentication and database files created.

b. name & address information come from the taxpayer supplied information on Form 4506

3.  Is each data item required for the business purpose of the system?  Explain.

Yes, the data is used to pay the taxpayers for their photocopy fees.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Certification Officers in the Accounting Unit department check the data in the PHOREF application for completeness and accuracy.

5. Is there another source for the data?  Explain how that source is or is not used.

The typical source of information in the application tends to be input received from taxpayers via the Request for Copy or Transcript of Tax Form, Form 4506.  This information is manually keyed into the PHOREF application database.  Although this is the obvious category of information in the system, IRS employees are required to have access to the application and part of this process requires submission and approval of an Information Systems User Registration/Change Request, Form 5081.  Information such as IRS employee name can be taken from the form and used to create system profiles that are used to access specific portions of the application.

6. Generally, how will data be retrieved by the user? 

Users of the PHOREF application retrieve data through the use of application menu selections.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?  Yes.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Only IRS employees with a “need-to-know” will have access to the PHOREF application.  Employees having a “need-to-know” will be required to submit and have a Form 5081 approved by their management before access is granted.  Job roles and responsibilities will be used to determine the level of access to the application or subsets of the application.  Typically, employees are given read and write access, however, access can be expanded or restricted based on roles and responsibilities.  An example of expanded access would be, a system administrator’s need to have access to multiple subsets of the application to perform his or her duties.

9. How is access to the data by a user determined and by whom? 

Employees needing access to the PHOREF application must obtain management approval upon issuance of a Form 5081.  Once approved, they are required to have a user account on the IBM NUMA-Q and must be a member of the “photo” group with a login name registered in the Sequent Access Menu (SAM).

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.  No.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  N/A.

12.  Will other agencies provide, receive, or share data in any form with this system?

An ASCII file containing SSN, name, address, and photocopy fees to be refunded is ftp’d to FMS (Financial Management System) weekly.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

A script accomplishes the purging and eliminating of data from the PHOREF application at the end of the 3-year retention period.  The procedures for eliminating data are included in the PHOREF Installation and Maintenance Manual.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes, the PHOREF application does afford the ability to segregate IRS employees according to their roles and responsibilities thus lending to the traceability of groups of individuals.  This type of monitoring is needed for all information systems as it ensures data integrity and secures operation of the system.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Yes, the PHOREF application contains taxpayer information such as name, SSN or TIN, and addresses that are viewable during processing.  However, monitoring this information or the identified individuals is not a function of the application.  The application and its host do provide traceability in audit trails that yield the capability to identify, locate, and monitor system users.  This type of monitoring is required for all information systems as it ensures data integrity and secures operation of the system.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

The PHOREF application does not make determinations about individuals or groups that would lead to disparate treatment.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  N/A.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The system is not web based.
 


Page Last Reviewed or Updated: December 06, 2006