Compliance Research Initiative Tracking System (CRITS) - Privacy Impact Assessment

 

PIA Approval Date: March 28, 2006

CRITS System Overview:

Compliance Research Initiative Tracking System (CRITS) is a tool that allows a user to request specific taxpayer data (tax elements) from Corporate Files On Line (CFOL).  The application allows the user to query the Individual Master File (IMF), Individual Return Transaction File (IRTF), and National Account Profile (NAP) for the disclosure of specific tax information on a large number of taxpayers, and then presents this information in an easy-to-use electronic format.

I.  Data in the System

1.  Generally describe the information to be used in the system in each of the following categories:

The Compliance Research Initiative Tracking System (CRITS) is designed to assist Research in measuring Earned Income Tax Credit (EITC) and non-EITC research initiatives.  It supports Research in its effort to retrieve the tax information needed from Corporate Files Online (CFOL) databases to measure the impact of these initiatives.

Taxpayer:  The CRITS data files include the following sensitive information:

  • Taxpayer Identification Number (TIN)
  • Taxpayer information from the Individual Return Transaction File (IRTF) and Individual Master File (IMF) databases such as:  spouse name, Social Security Number (SSN) and address; dependent names and SSNs; wages, income, and profits; Earned Income Credit (EIC) data; and exemptions and deductions.

Employee:  Form 5081 (Information System User Registration/Change Request) Identification and Authentication (I&A) information of all CRITS users with access to the system.

Other:  None; no other sensitive information is used by the CRITS.

2.  What are the sources of the information in the system?

Information for the CRITS data files is retrieved from the Martinsburg Computing Center (MCC) Corporate Files Online (CFOL) IRTF and IMF databases.

a.  What IRS files and databases are used?

Research users submit the TINs and tax years required for their research initiative in a request file via the IRS intranet at crits.enterprise.irs.gov:10001/. The System Administrator (prior to 07/31/06) verifies that the total number of TINs and the tax years requested by the authorized CRITS user have been approved and the research initiative is authorized before submitting the request for processing by the CRITS.  As of 8/1/06, the system will perform the verification systemically. The CRITS uses the provided TINs and tax years to retrieve the information stated in paragraph 1 from the MCC CFOL.

b.  What Federal Agencies are providing data for use in the system?

No Federal Agencies provide data for use in the CRITS.  The CRITS receives all of its data from CFOL.

c.  What State and Local Agencies are providing data for use in the system?

No State or Local Agencies provide data for use in the CRITS.  The CRITS receives all of its data from CFOL.

d.  From what other third party sources will data be collected?

No third party sources provide data for use in the CRITS.  The CRITS receives its data from CFOL.

e.  What information will be collected from the taxpayer/employee?

Taxpayer:  No information is collected from the taxpayer; all information used by the CRITS is received from CFOL.

Employee:  The employee information kept on the CRITS is Research user I&A information.

3. a.  How will data collected from sources other than IRS records and the taxpayer be verified for accuracy?

This question is not applicable since the CRITS only retrieves data from CFOL.

b.  How will data be checked for completeness?

This question is not applicable since the CRITS only retrieves data from CFOL.

c.  Is the data current? How do you know?

This question is not applicable since the CRITS only retrieves data from CFOL.

4.  Are the data elements described in detail and documented?  If yes, what is the name of the document?

The CRITS extracts selected fields from the CFOL database based on user parameters.  The data elements are described in detail in the CRITS Data Dictionary.

II.  Access to the Data

1.  Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?

The following personnel will have access to the data in the CRITS:

  • CRITS Security Officer
  • CRITS System Administrator(s) (SA)/Database Administrator(s) (DBA)
  • Lead Research Chief
  • Agent(s) at Lead Research
  • Agent(s) at Associate Research(s)

2.  How is access to the data by a user determined?  Are criteria, procedures, controls, and responsibilities regarding access documented?

Before a request file can be submitted to the CRITS to retrieve CFOL data, Research must have an approved Research Plan on file at the National Office.  An authorized CRITS user must prepare a Memorandum of Understanding (MOU) that identifies the specific tax information needed, participants in the study, duration of the study, size of the extract, total number of extracts, total number of TINs to be submitted, and other pertinent information.  The Research Group Manager and Director of Research must approve the MOU which grants the user permission to extract a specified number of tax records.  The Research Group Manager must also sign an Unauthorized Access (UNAX) Certification which specifies the maximum number of requests (TINs and tax years) that will be contained in the request file sent to the CRITS.  A completed Form 5081 must also be approved and submitted before any user will be provided access to the CRITS.  Access is immediately terminated when the user no longer requires access to the CRITS.

THE FOLLOWING MANDATORY RULES ARE DEFINED FOR USERS OF IRS COMPUTER AND INFORMATION SYSTEMS:

  • Users are forbidden to access, research, or change any account, file, record, or application that is not required to perform official duties.
  • Users are restricted to accessing, researching or changing only accounts, files, records or applications required to perform their official duties.
  • Users are restricted from accessing their individual/spouse account, accounts of relatives, friends, neighbors, or any account in which the user has a personal or financial interest.  Users are restricted from accessing the accounts of a famous or public person unless given authorization.
  • If asked to access an account or other sensitive or private information, users are required to verify that the request is authorized and valid.  Users will be held accountable if they access an unauthorized account.
  • Users are required to protect passwords from disclosure and to refuse acceptance of passwords that are not delivered in a sealed envelope.  Users are required to log/sign off anytime they leave the computer or terminal.
  • Users are required to retrieve all hard copy printouts in a timely manner, ensure magnetic media is secured based on the sensitivity of the information contained, and practice proper labeling procedures.  Users are instructed not to disclose or discuss any IRS-related information with unauthorized individuals.
  • Users are instructed to protect IRS employee internal work telephone numbers from disclosure.
  • All vendors are to be escorted and monitored.

Access to the CRITS is accomplished through the I&A functions contained within the UNIX operating system.

The use of “superuser” privilege is strictly limited and audited.  A “superuser” account has “root” access to the operating system, affording access to all system administration and security functions.  The IRS defines the responsibilities associated with these functions, and that information is provided to system vendors and developers.

The UNIX operating system and the CRITS security controls allow for resource-based access.  Individual and group profiles have been established and system level file protection is implemented.  USERIDs, groups, and resources are identified for protection.  Permissions/profiles are identified for individuals, groups or users, nested resources, or multiple groups/nests, and can only be assigned by an authorized individual.

3.  Will users have access to all data on the system or will the user’s access be restricted?  Explain.

Users are restricted to the taxpayer data elements required for the applicable research initiative as specified in the approved Research Plan.  CRITS file access is restricted as follows:

  • Research users have full access to the taxpayer data element information specified in their research initiative once this data is retrieved from CFOL and submitted to them by CRITS.
  • The CRITS SA/DBA has read-only access to the CFOL to retrieve the taxpayer information requested by the Research user.
  • The CRITS functional security coordinators have Read, Query, Write, and Delete access to audit trail and other security control mechanisms.

4.  What controls are in place to prevent the misuse (e.g., browsing) of data by those having access?

System security is afforded by the UNIX operating system and the CRITS security levels, which make it possible to closely control an individual’s access to the CRITS.  Any user may access CRITS at http://crits.wr.irs.gov/ for general information; however, only an authorized user (a user with a valid login/password) has access to the CRITS web server to submit request files and retrieve response files, and that user does not have access to the CRITS application server or the CFOL.  User profiles make it possible for the SA to control who has access to the CRITS servers, and audit functions track all request-related activity.  The users cannot perform ad-hoc queries to CFOL via the CRITS.

THE FOLLOWING MANDATORY RULES ARE DEFINED FOR USERS OF IRS COMPUTER AND INFORMATION SYSTEMS:

  • Users are forbidden to access, research, or change any account, file, record, or application that is not required to perform official duties.
  • Users are restricted to accessing, researching or changing only accounts, files, records or applications that are required to perform their official duties.
  • Users are restricted from accessing their individual/spouse account, accounts of relatives, friends, neighbors, or any account in which the user has a personal or financial interest.  Users are restricted from accessing the accounts of a famous or public person unless given authorization.
  • If asked to access an account or other sensitive or private information, users are required to verify that the request is authorized and valid.  Users will be held accountable if they access an unauthorized account.

System access and browsing operations are tracked by CRITS audit mechanisms to detect the misuse of access privileges by system users.

5. a.  Do other systems share data or have access to data in this system?  If yes, explain.

No other systems share or have access to the data in the CRITS.  The CRITS retrieves data from CFOL based on user requests and the users retrieve their data file from the CRITS web server.

b.  Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?

When the Research Group Manager signs the UNAX Certification required before any user request is processed by the CRITS, the manager certifies that he/she is aware of his/her responsibilities under the UNAX regulations and accepts the responsibility for ensuring that there are no UNAX implications for the data contained in the request file.  The Research Group Manager also accepts responsibility for ensuring compliance with all security measures, taxpayer privacy rights, and government standards concerning the use of the taxpayer data being requested.

6. a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?

No other agencies share data or have access to data in the CRITS.

b.  How will the data be used by the agency?

This question is not applicable since other agencies do not use data in the CRITS.

c.  Who is responsible for assuring proper use of the data?

This question is not applicable since other agencies do not use data in the CRITS.

d.  How will the system ensure that agencies only get the information they are entitled to under IRC 6103?

This question is not applicable since other agencies do not use data in the CRITS.

III.  Attributes of the Data

1.  Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

The CRITS is designed to provide Research with the CFOL data that is both relevant and necessary to research and measure the EITC and non-EITC initiatives.

2. a.  Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

No, the CRITS does not derive or create new data.  The CRITS only retrieves data from CFOL and does not process the data it passes to Research.

b.  Will the new data be placed in the individual’s record (taxpayer or employee)?

This question is not applicable since the CRITS does not process the CFOL data it retrieves and passes to Research.

c.  Can the system make determinations about taxpayers or employees that would not be possible without the new data?

This question is not applicable since the CRITS does not process the CFOL data it retrieves and passes to Research.

d.  How will the new data be verified for relevance and accuracy?

This question is not applicable since the CRITS does not process the CFOL data it retrieves and passes to Research.

3. a.  If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?

This question is not applicable since the CRITS does not consolidate the CFOL data it retrieves and passes to Research.

b.  If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access?  Explain.

This question is not applicable since the CRITS does not consolidate the CFOL data it retrieves and passes to Research.

4.  How will the data be retrieved?  Can it be retrieved by personal identifier?  If yes, explain.

All CRITS data is retrieved from CFOL in a batch file query based on TIN and tax year information provided by Research in their request file.  This data is then saved to a file by a CRITS SA/DBA.  The file is downloaded by Research’s authorized user where the data is used for research and analysis.  There is no need to retrieve data by any other personal identifier.

What are the potential effects on the due process rights of taxpayers and employees of:

There are no potential effects on the due process rights of the employees—the data is used solely for research and analysis.

a.  Consolidation and linkage of files and systems;

The CRITS does not consolidate or link files or systems—the CFOL bulk data is used for research and analysis.

b.  Derivation of data;

The CRITS provides Research with data for immediate analysis of taxpayer behavior and allows the Research staff to determine the necessity of further analysis.

c.  Accelerated information processing and decision making;

By accelerating the CFOL data process, the CRITS enables Research’s authorized users to conduct the analysis of taxpayer behavior in a more expeditious manner.

d.  Use of new technologies;

The CRITS configuration is not a new technology.  The CRITS resides on two servers: a web server and an application server.  Prior to April 1, 2006, the web server is hosted on a Sun Microsystems, Inc. Ultra 10, with Sun Solaris 2.6 Operating System (OS).  The application server is hosted on an NCR Corp. 4300, with MP-RAS version 3.02 OS.  The application server also utilizes Oracle Relational Database Management System (RDBMS) version 8.0.5.  On April 1, 2006, the servers will be replaced.  The web server will be replaced with the Sun Fire V120 with Solaris 8 and System Web Server pre-installed.  The application server will be replaced with V210 Ultra SPARC IIIi with 1PSU, Java ES, and Solaris 9.  The application server also utilizes Oracle version 10

5.  How are the effects to be mitigated?

There are no effects to be mitigated.  The CRITS is used to retrieve and pass CFOL data to Research for analysis of taxpayer behavior to determine the necessity of further analysis.

IV.  Maintenance of Administrative Controls

1. a.  Explain how the system and its use will ensure equitable treatment of taxpayers and employees.

The CRITS does not affect the equitable treatment of taxpayers/employees.  The IRS has established the following operational guidelines for the handling of taxpayer information:

  • Protecting taxpayer privacy and safeguarding confidential taxpayer information is a public trust.
  • No information will be collected or used with respect to taxpayers that is not necessary and relevant for tax administration and other legally mandated or authorized purposes.
  • Information will be collected, when practicable, directly from the taxpayer to whom it relates.
  • Personally identifiable taxpayer information will be used only for the purpose for which it was collected, unless other uses are specifically authorized or mandated by law.
  • Personally identifiable taxpayer information will be disposed of at the end of the retention period required by law or regulation.
  • Taxpayer information will be kept confidential and will not be discussed with, nor disclosed to, any person within or outside the IRS other than as authorized by law and in the performance of official duties.
  • Browsing, or any unauthorized access of taxpayer information by any IRS employee, constitutes a serious breach of the confidentiality of that information and will not be tolerated.
  • Requirements that govern accurate, reliable, complete, and timely taxpayer information will ensure the fair treatment of all taxpayers.
  • The privacy rights of taxpayers will be respected at all times and every taxpayer will be treated honestly, fairly, and respectfully.

b.  If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?

Currently, CRITS is installed and operated only at the Fresno Submission Processing Center (SPC)/Customer Support Center (CSC); however, when the servers are replaced, this will change.  CRITS will only operate from the Compliance Data Warehouse (CDW).  The SA, located at the Fresno SPC, will have remote access to the new servers.  The servers which were located at the Fresno SPC will be shut down.

Note:  The development and test servers will be located at the Ogden Development Center (ODC).  

c.  Explain any possibility of disparate treatment of individuals or groups.

This question is not applicable since the CRITS does not process the CFOL data—it retrieves and passes the data to Research.

2. a.  What are the retention periods of data in this system?

The CRITS retains the user response file containing the taxpayer data requested from CFOL for 14 calendar days before deleting it.  The user request files containing the TINs and tax years being researched and the Forms 5081 containing employee data are retained through normal system backup procedures for 7 years to retain the audit trails.

b.  What are the procedures for eliminating the data at the end of the retention period?  Where are the procedures documented?

User response files are deleted from the system after 14 calendar days and backup media is degaussed and reused after the retention period.  Procedures for this are contained in the CRITS Security Features Users Guide (SFUG) and design specifications.

c.  While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

This question is not applicable to the CRITS since the data retrieved from CFOL is based on an approved Research Plan for specified TINs during specified tax periods.  This data stays relevant until a new Research Plan is proposed and approved.

3. a.  Is the system using technologies in ways that the IRS has not previously employed (e.g., Caller-ID)?

The CRITS is not using technologies in ways that the IRS has not previously employed.  Other IRS systems use similar technologies to retrieve the data required to measure taxpayer compliance.  The CRITS web server can only be accessed using the IRS Intranet.

b.  How does the use of this technology affect taxpayer/employee privacy?

This question is not applicable since the CRITS is not using technologies in ways that the IRS has not previously employed.

4. a.  Will this system provide the capability to identify, locate, and monitor individuals?  If yes, explain.

The CFOL data retrieved and submitted by the CRITS is used solely for research and analysis as described in the approved Research MOU and Research Plan.  It is not used to identify, locate, or monitor individuals.

b.  Will this system provide the capability to identify, locate, and monitor groups of people?  If yes, explain.

The CRITS does not provide the capability to identify, locate, and monitor groups of people.

c.  What controls will be used to prevent unauthorized monitoring?

This question is not applicable since the CRITS does not monitor individuals or groups.

5. a.  Under which Systems of Record notice (SOR) does the system operate?  Provide number and name.

The CRITS is covered by Treasury/IRS 42.021, Compliance Programs and Projects Files.

b.  If the system is being modified, will the SOR require amendment or revision? Explain.

No.

Page Last Reviewed or Updated: November 05, 2008