Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Customer Communications Interactive Processor

 

Privacy Impact Assessment  – Customer Communications Interactive Processor (CC-IP)

CC-IP System Overview

The Customer Communications Interactive Processor (CC IP) will replace the Telephone Routing Interactive System (TRIS).  The purpose of CC IP is to retrieve data from storage when taxpayers call in seeking information.  The retrieved data is then available for queries by the taxpayer made over the telephone by pressing buttons.

System of Record Number(s)

Treasury/IRS 00.001--Correspondence Files (including Stakeholder Relationship
files) and Correspondence Control Files
Treasury/IRS 22.054--Subsidiary Accounting Files
Treasury/IRS 22.061--Individual Return Master File (IRMF)
Treasury/IRS 22.062 Electronic Filing Records
Treasury/IRS 24.013--Combined Account Number File, Taxpayer Services
Treasury/IRS 24.029--Individual Account Number File (IANF)
Treasury/IRS 24.030--CADE Individual Master File (IMF), (Formerly: Individual
Master File (IMF))
Treasury/IRS 34.020--IRS Audit Trail Lead Analysis System (ATLAS)
Treasury/IRS 34.037--IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

Taxpayer Data:

The taxpayer data accessed by the CC IP is the data that is found in the Internal Revenue Service's (IRS) records.  It consists of data that is kept in the Individual Master File's (IMF) databases or in some cases data supplied by the taxpayer during the phone or web session.  The data used consists of the Taxpayer Information Number (TIN), Personal Identification Number (PIN), taxpayer's address and filing status.  In the refund applications CC IP looks at the refund amounts in the taxpayer's account; in the view credit and view debit applications amounts credited and/or debited to the account are checked; in the payoff application the total amount owed is calculated.  In the transcript application the taxpayer requests a copy of his/her tax return and/or account for a specific year.  The requested documents are then sent to the taxpayer at the address on record.  In the voice balance due application the taxpayer is asked to supply information to set up a payment plan; the requested information consists of a monthly payment amount and the length of time over which the payments are to be spread.  (Table 1-1 contains the complete list of taxpayer data elements).

Employee Data:  None

Audit Trail Data:

The security audit system tracks elements such as login ID, login date/time, logout date/time, files/directories accessed, attempted security violations, etc. of all technical support staff and system administrators of the CC IP.

Data from system audit and monitoring files will be used to measure system performance including availability, reliability, usability, and resource usage.
Additional audit trail data is captured to monitor system access at the operating system level.  This security audit data is gathered by the commercial off the shelf security auditing capability provided with the operating system.  Data gathered by the security audit system includes elements such as login ID, login date/time, logout date/time, files/directories accessed, attempted security violations, etc.  Access to and maintenance of security audit data is described in trusted facility manuals for the CC IP.  (Table 1-2 contains the complete list of audit trail data elements).

Other Data:
Data elements used for programming business logic, technical debugging information and Management Information are also contained within the system.  (Table 1-3 contains the complete list of other data elements).

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

The Individual Master File (IMF), Corporate Files on Line/National Account Profile (CFOL/NAP), Refund Information File/Fact of Filing (REF/FOF), National Accounts Index (NAI), the Taxpayer Information File (TIF) and Individual Return Transaction File (IRTF) databases are used.  (Table 2-1 contains the listing of data elements and their source).

3.  Is each data item required for the business purpose of the system?  Explain.

The CC IP serves as the data access bridge between the Integrated Data Retrieval System (IDRS) and the Web Servers and Voice Response Units within the Integrated Customer Communications Environment (ICCE) Project.  Each of the Command Codes listed in Table 3-1 returns many data elements to the CC IP from IDRS that are not used by any application.  It should be noted that only a sub-set of the data elements listed in Table 1-1 are forwarded from the CC IP to the VRU and Web servers.  IDRS Command Code data elements are cached on the CC IP in order to reduce network traffic between the CC IP and IDRS, and they are eliminated from the CC IP when the next customer transaction using the same channel is initiated.  (Table 3-1 contains a list of IDRS command codes used by each application on the CC IP).

The data retrieved from Integrated Data Retrieval System (IDRS), Corporate Files On-Line (CFOL), the Taxpayer Information File (TIF) and the National Account Profile (NAP) is required in order to provide the information requested by the customer.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Data retrieved from the Integrated Data Retrieval System (IDRS), Corporate Files On-Line (CFOL), the Taxpayer Information File (TIF) and the National Account Profile (NAP) is deemed reliable and accurate.  Other than integrity checks for transmission errors, the CC IP does not verify accuracy, timeliness, or completeness of this data.

ZIP code data provided by the United State Postal Service is not verified for accuracy, timeliness, or completeness.  Integrity checks are performed on the data to verify that the data is not inherently corrupt.

5. Is there another source for the data?  Explain how that source is or is not used.

There are no other sources for the data being used by the CC IP.
 
6. Generally, how will data be retrieved by the user? 

Data is retrieved by the customer via telephone or web browser.  Customer information is collected via Dual-Tone Multi-Frequency™ (Touch-Tone), speech recognition or website data entry from IRS Voice Response Units or web servers.

Once the Voice Response Units or web servers determine that account data is necessary to complete the request, the VRU or web server formats a TCP/IP data request to the CC IP, and the CC IP uses the information contained in the request in order to issue the appropriate IDRS command code in order to provide the VRU or web server with the appropriate account information.  The Voice Response Units and web servers are outside of scope of this risk assessment.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

For most VRU applications, customers are able to retrieve their data by successfully entering their SSNs and Personal Identification Numbers.  The system will send an automatic confirmation letter to the taxpayer upon any changes to a PIN (creation, modification or deletion).  The Refund VRU application, however, requires the caller to enter his/her SSN, filing status and the expected amount of refund due before accessing refund information.  After a certain number of unsuccessful identification attempts, the caller is automatically transferred to a live Customer Service Representative (CSR). 

The IRFOF/IRACTC application uses the same Identification and Authentication (I&A) methodologies as the VRU Refund Inquiry application.  The taxpayer must input his/her Social Security Number (SSN), his/her filing status and the expected amount of refund due before they will be provided the status of their refund.   Authentication failure occurs when the taxpayer fails to enter a valid set of I&A credentials.

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Application Administrators as defined for CC IP are Customer Communications technical support staff who provide troubleshooting assistance to IRS campus System Administrators.  Access to CC IP is controlled via user id/password identification and authentication methods. The IRS OL-5081 process is used to control access to the CC IP.

Systems Administrators typically have root or supervisor privileges as part of their job duties in maintaining and configuring systems. Consequently the SA’s will have access to all CC IP data.

9. How is access to the data by a user determined and by whom? 

Application Administrators as defined for CC IP are Customer Communications technical support staff who provide troubleshooting assistance to IRS campus System Administrators.  Access to CC IP is controlled via user id/password identification and authentication methods. The IRS OL-5081 process is used to control access to the CC IP.

System Administrators – SA’s typically have root or supervisor privileges as part of their job duties in maintaining and configuring systems. Consequently the SA’s will have access to all CC IP data.

Vendor Maintenance Staff – Vendor maintenance staff have access to CC IP directly controlled by System Administration personnel.

An IRS employee or contractor user’s position and “need-to-know” determine the type of access to the data.  The manager, functional security coordinator, and the system administrator/security officer grant approval for system access.  A user’s access to the data terminates when it is no longer required.  Criteria, procedures, controls and responsibilities regarding access are documented in the CC IP’s Security Features User’s Guides and Trusted Facility Manuals.

The following mandatory rules are defined for users of IRS computer and information systems:

* Users are forbidden to access, research, or change any account, file, record, or application that is not required to perform official duties.

* Users are restricted to accessing, researching or changing only accounts, files, records or applications that are required to perform their official duties.

* Users are restricted from accessing their individual/spouse account, accounts of relatives, friends, neighbors, or any account in which the user has a personal or financial interest. Users are restricted from accessing the accounts of a famous or public person unless given authorization.

* If asked to access an account or other sensitive or private information, users are required to verify that the request is authorized and valid. Users will be held accountable if they access an unauthorized account.

* Users are required to protect passwords from disclosure, and to refuse acceptance of passwords that are not delivered in a sealed envelope. Users are required to log/sign off anytime they leave the computer or terminal.

* Users are required to retrieve all hard copy printouts in a timely manner, and to ensure that magnetic media is secured based on the sensitivity of the information contained, and that they will practice proper labeling procedures. Users are instructed not to disclose or discuss any IRS-related information with unauthorized individuals.

* All vendors are escorted and monitored by an IRS employee at all times.

The CC IP applications within the IRS campuses and MCC will allow access to the data by System Administrators (SA’s and computer operators with backup privileges and other privileges that allow data access in compliance with IRS privacy standards.)

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

CC IP retrieves and updates taxpayer account information on the IRS databases.  (IMF, CFOL/NAP, REF/FOF, NAI and IRTF files/databases).  National level call logging data is forwarded from the CC IP to the CC Data Repository on a daily basis.  This data is used for statistical reporting and capacity planning purposes.

Management Information System (MIS) data containing national level roll ups of statistical information is forwarded to the CC MIS server and is presented to business analysts via un-encrypted web browser.  It should be noted that roll up data and MIS reports do not contain SBU information.

Management Action Report (MAR) data is generated by the CC IP when human intervention is required due to failure of the automated system to update IDRS appropriately.  MAR data from all CC IP’s is also forwarded to the CC MIS system, where the information is provided, via Secure Socket Layer (SSL) web interface, to the business analyst(s) who have been identified to make manual IDRS updates.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

No.  Privacy Impact Assessments for CC MIS and the CC Data Repository are being written.

12.  Will other agencies provide, receive, or share data in any form with this system?

Yes.  Data from the system can be shared with the Office of Treasury Inspector General for Tax Administration TIGTA and the GAO when proper procedures have been followed in order to obtain the information for law enforcement or audit purposes.  No data connections exist for this purpose; data must be manually extracted and forwarded.

13.  What are the procedures for eliminating the data at the end of the retention period?

Data that is retained in audit logs will remain on the CC IPs until eliminated by the System Administrator (SA). The SA uses log management software (commercial off-the-shelf and custom) to purge audit data. Using the log management software, the SA is able to manually eliminate data from the system or have data automatically removed using a specified timeframe for elimination (e.g. data that is 90 days or older).

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO", go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

The data contained in the system is not designed to identify or locate individuals or groups; however, the system does contain information that could be used for this purpose.  At present, system data has been manually extracted and forwarded to TIGTA on two occasions for law enforcement purposes.  It should be noted that even TIGTA is required to follow proper agency information request procedures for obtaining information.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Security Audit data gathered by Systems Administrators and other security personnel that could be used to investigate and/or monitor employee actions for criminal investigation purposes include:
* Login ID
* Login Date/Time
* Logout Date/Time
* System Object (files, directories, etc.) Access Attempts

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

Use of the CC IP does not allow the IRS to treat taxpayers differently.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The CC IP does not make determinations leading to final action.  All actions performed by the automated system can be overridden by a Customer Service Representative.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

While the CC IP receives account data requests from, and provides account data responses to the public IRS web servers, the CC IP itself is not a web-based system.
 


Page Last Reviewed or Updated: November 04, 2004