Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Federal Tax Deposits

 

Privacy Impact Assessment - Federal Tax Deposits

Description of System

This system processes Federal Tax Deposit payments and coupons (Federal Tax Deposit Coupons, Form 8109) made through commercial banks to the Service Centers and passes them to the IRS Martinsburg Computing Center (MCC) for posting to the Business Master File.  A tape is produced for an outside vendor which will be used to generate books of FTD coupons for business taxpayers.  Form 8109 is an OCR scannable coupon that is used by business entitites when making Federal Tax Deposits.  Twenty three (23) personalized coupons are included per booklet, an address change coupon (Form 8109C) and filing instructions. 

Data in the System 

1. Generally describe the information to be used in the system in each of the following categories: Taxpayer, Employee, and Other.

Taxpayer:  Taxpayer entity data, such as name, address, SSN, EIN, is contained on the FTD coupons for the different types of tax forms:

941, Employer’s Quarterly Federal Tax Returns
1041ES, Estimated Tax for Estates and Trusts
1120, U.S. Corporation Income Tax Return
720,  Amended Quarterly Federal Excise Tax Return
943, Employee Annual Federal Tax Return for Agricultural Employees,
CT-1,  Employer’s Annual Railroad Retirement and Unemployment Return
940, Employer’s Annual Federal Unemployment (FUTA) Tax Return
1042,  Annual Withholding Tax Return for U.S. Source Income of Foreign Persons
990C, Farmers’ Cooperative Association Income Tax Return
990T,  Exempt Organization Business Income Tax Return
990PF, Returns of Organizations Exempt From Income Tax
945, Annual Return of Withheld Federal Income Tax

No IRS employee or other data is maintained or processed by the system.

2.a.  What IRS files and databases are used?

Business Master file (BMF)
Integrated Submission and Remittance Processing System (ISRP)
Service Center Recognition/Image Processing System (SCRIPS),
Federal Reserve Bank via the Bulkdata Electronic File Transfer System (BEFT)
Submission Processing Centers (SPC)
Federal Reserve Bank via the Bulkdata Transfer System
End of Day Processing (EOD) 
EIN Research and Assignment System (ERA via IDRS)
Data Controls in the SPC
National Account Profile (NAP)

Taxpayer entity information like Employer Identifying Numbers (EIN), Name controls, and filing requirements are researched by the FTD system on the National Account Profile (NAP) system.  This data is used to validate entity information on the FTD coupons. 

Taxpayer Information File (TIF): IRS database containing taxpayer information.
Area of the IRS database that contains information used to validate FTD payments and mailing address information used to request FTD payment coupons.

2.b.  What Federal Agencies are providing data for use in the system?
 
Only the Federal Reserve Banks supply FTDs with verification data.

2.c.  What State and Local Agencies are providing data for use in the system?  None.

2.d.  From what other third party sources will data be collected?  None.

2.e.  What information will be collected from the taxpayer/employee?
 
The FTD system collects the following taxpayer FTD coupon and tax related information from taxpayers: TIN  (EIN or SSN) and address information.

3.a.  How will the data collected from sources other than IRS records and the taxpayers be verified for accuracy?

This data is processed through a series of validations. 

3.b.  How will data be checked for completeness?

If there are missing items once this data has been processed through all of the validations, the FTD Unit along with other units in the service center (Accounting, etc.) will take the necessary steps to research and complete the needed information, including contacting the taxpayer, if necessary.

3.c.  Is the data current?  How do you know?

FTD data is processed by tax period.   When tax periods are not field FTD Units will complete the research needed to update the taxpayer’s account, including contacting the taxpayer, if necessary.

4.  Are the data elements described in detail and documented?  If yes, what is the name of the document?

Yes.  All FTD data elements are documented in the following Functional Specification Packages ad (FSPs) and Computer Program Books (CPBs), dated May-June, 2003 for January 2004 Operations:

1.30.00.01 Federal Tax Deposit – FTD Mainline System
1.30.00.02 Federal Tax Deposit – FTD Mainline System
1.30.00.03 Federal Tax Deposit – FTD Mainline System
1.30.10.00 FTD Variance System
1.30.20.00 FTD Supplemental Issuance
1.30.40.00 FTDER Processing
1.05.04.17 FTRQ Processing
1.80.00.00 ABC Label Generation

Access to the Data

1.  Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

IRS E-File Help Desk Personnel:
Help Desk Personnel provide support to programmers, management, customer service representatives, product assurance analysts and field personnel.
 
IRS FTD Unit Personnel:
FTD Unit personnel correct errors identified by the FTD Systems.  As an aid to correcting the problem, the FTD unit personnel, (including management) accesses the FTD data using several command codes.  There are several different areas that view any number of FTD reports that contain various taxpayer data, including ISRP, SCRIPS, RACS, etc.

IRS Customer Service Representatives:
Customer Service Reps view reports, data and validation results.   Customer Service Representatives work with service center personnel to handle taxpayer inquiries.[Z2]

IRS Managers:
Managers of the above types of employees have the same level of access to data as their employees.  Managers can also access FTD report data.

System Administrators:
System Administrators will have access to FTD to perform scheduled maintenance and other regular administrator duties.   

Database Administrators:
Database Administrators will have access to FTD to perform regular database maintenance duties. 

2.  How is access to the data by a user determined? 

Access is determined by functional business needs.   

2. a. Are criteria, procedures, controls, and responsibilities regarding access documented?

Yes.   All IRS functional areas operate within strict and enforced guidelines surrounding access needs, authorization and control.   Systemic audit trails exist where applicable and audit reports are reviewed by management in the functional business units.

3.  Will users have access to all data on the system or will the user's access be restricted?  Explain.

User access will be restricted.  All user access is role based.

4.  What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?

There are no browsing applications in place for accessing payment data in the FTD system.  Otherwise, the IDRS system contains two FTD on-line command codes that have specific browse and update functionality.  There are internal systemic audit trails in effect for all IDRS command codes, and management is provided with audit reports for action as necessary.

5.a   Do other systems share data or have access to data in this system?  If yes, explain.

Yes.  The Service Center Recognition/Image Processing System (SCRIPS) scans the coupons and creates a file for FTDs to input and process.  ISRP views the marked up reports and other forms to key data from for corrections, etc.  Masterfile creates an update file weekly for input to the FTD System.  

5.b.  Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?

The owners and business users of the interfacing systems are responsible for protecting taxpayer and employee rights under the following guidelines:

Section 6713 of the Internal Revenue Code establishes civil penalties for unauthorized disclosure or use of tax return information.
   
Section 301.7701-15 and Revenue Ruling 85-189 establish penalties for EROs, Intermediate Service Providers, Transmitters, and products of a software developer that alters the return information.

6.a.  Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?  No.

6.b.  How will the data be used by the agency?  Not applicable. as stated above.

6.c. Who is responsible for assuring proper use of the data?  Not applicable. as stated above.

6.d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?  Not applicable. as stated above.

Attributes of the Data

1.  Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

Yes.  All data processed, collected, and stored on the FTD system is relevant and necessary. The system is responsible for receiving, validating, and processing federal tax deposits; supporting IRS employees who need access to the data; and generating statistical and summary report data that is used by IRS management to review programs and make decisions.

2.a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?  No.

2.b. Will the new data be placed in the individual’s record (taxpayer or employee)?  Not applicable as stated above.

2.c. Can the system make determinations about taxpayers or employees that would not be possible without the new data?  No.

2.d. How will the data be verified for relevance and accuracy?

All consolidated data is aggregated from received taxpayer data.  Since FTD accepts tax data that passes certain validation and follows certain business rules, the aggregate must also be current, accurate, and relevant.

3.a If the data is being consolidated, what controls are in place to protect the data and prevent unauthorized access?  Explain.

This is not applicable to the FTD system.

3.b If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access?  Explain.

The scheduled IDRS TIF consolidation is retaining the same data protections as those which exist in the current TIF.

4. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.

Yes, authorized employees can retrieve and view taxpayer data using the FTD command codes. Service center personnel, and customer service representatives must all be able to view taxpayer data.  All requests for data, and responses, are recorded in systemic audit trails that are provided for management review and due process. 

4. a.  What are the potential effects on the due process rights of taxpayers and employees of:

a. Consolidation and linkage of files and systems;

FTD does not consolidate data. Systemic changes are transparent to taxpayers and employees, and they are kept within privacy and disclosure guidelines.

b. Derivation of data;

No FTD derived summary and statistical data can be traced back to the originally transmitted taxpayer data.  FTD does not maintain or process any employee data.

c. Accelerated information processing and decision making;

IRS processing center management use FTD summary data to make decisions involving processing volume and error resolution.  IRS accounting personnel in the processing centers use FTD summary data to account for remittances. No harmful effects can result from the use of FTD data in this manner.

d. Use of new technologies;

The use of new technologies will not create new needs to protect the data, as access will remain constrained to secured IRS and FDB computer systems and authorized business users.

How are the effects to be mitigated?

Per the above, there will be no situation where mitigation will be necessary.

Maintenance of Administrative Controls

1.a.  Explain how the system and its use will ensure equitable treatment of taxpayers and employees.

The system exists for the purpose of posting taxpayer payments to their respective accounts as quickly and as accurately as possible, and for administering FTD coupons as quickly and as accurate as possible.

The FTD system does not process employee data, nor does it apply to the treatment of employees.

1.b. If the system is operated in more than one site, how will consistent use of the system be maintained at all sites?

The FTD system employs identical batch programs for use at all processing sites.   The FTD processing stream is designed for a specific execution sequence.   Deviations in application execution will result in highly visible negative results.

1.c. Explain any possibility of disparate treatment of individuals or groups.

Systemic errors and operational errors will result in highly visible negative results, internally.  If this occurs, applications developers and or business users take immediate action to correct and reprocess data as necessary before there is an impact on taxpayers.

2.a. What are the retention periods of data in this system?

Retentions periods for the following data apply:
Database:
Retention Period: 3 years.
Authorizing Source:  Revenue & Non-Masterfile Section, S:CAS:SP:PPR

2.b. What are the procedures for eliminating the data at the end of the retention period?  Where are the procedures documented?

The Computing centers (MCC/TCC) are responsible for erasing tapes or deleting files at the end of the retention periods.  The procedures are documented in the Computer Operators handbooks (COH).

2.c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

Not applicable to FTD.  Payment data is posted to taxpayer accounts to permanently reconcile tax liabilities, and the FTD coupons are administered to facilitate continued taxpayer care and service.

3.a Is the system using technologies in ways that the IRS has not previously employed (e.g. Caller-ID)?  No.

3.b How does the use of this technology affect taxpayer/employee privacy?

Risks for potential disclosure exist.  However, IRS infrastructure and application architects have implemented safeguards: firewalls to defend against network attacks, encryption to protect data from unauthorized viewing, virus software to scan data for potential virus and worm attacks, logins and passwords to enforce user authorization, roles based access to restrict access to data to authentic users, and audit trails to record all user transactions.

4.a Will this system provide the capability to identify, locate, and monitor individuals?  If yes, explain.

No.  FTD is not designed to identify, track, locate, or monitor individuals. 

4.b. Will this system provide the capability to identify, locate, and monitor groups of people?  If yes, explain.

No.  FTD is not designed to identify, locate, and monitor groups of people.

4.c. What controls will be used to prevent unauthorized monitoring?

FTD file access is restricted to authorized applications development staff and to authorized computing center operations staff and customer service staffs through internal controls which include audit trails.   In addition, IT management is held to the standards and guidelines developed for protection of taxpayer data, protection of computer processing systems and protection of computer equipment as defined in the following documents:

IRM 25.10. - Federal Information Security Management Act (FISMA) of 2002
Treasury Directive TD 85-01, Volume I Policy, Part 1 Sensitive Systems, Section 2.4b.
IRM 1.4.6.1(3) Managers Security Handbook
IRM 25.10.1.3.11(1)
Draft LEM 25.10.10.3.2.3 Unisys Operating System Security Standards
IRM 25.10.1.5.12.1 Physical and Environmental Security
IRM 1.16.8.2.10 Service Center Protective Measures
LEM 25.10.4.3.2.1(2) Resource Access Control Facility
IRM Part 2 Chapter 7 Information Technology Services (ITS) Operations, Sections 1 and 2.

5.a Under which Systems of Record notice (SOR) does the system operate?  Provide number and name.

Treasury/IRS 34.037 IRS Audit Trail and Security Records.
Treasury/IRS 24.046 – CADE Business Master File (BMF)

5.b. If the system is being modified, will the SOR require amendment or revision? Explain  No.
 


Page Last Reviewed or Updated: December 10, 2004