Privacy Impact Assessment -- Service Wide Employment Tax Research System (SWETRS)
SWETRS System Overview
This system once operational, will be used to provide a means to monitor, compare and evaluate information related to special programs, issues and projects that identify areas of Employment Tax non-compliance. Using this information, available efforts can be focused on the more significant non-compliance issues. Certain records in this system may be used to select businesses or individuals for compliance actions. The system is considered a “prototype” for the Small Business Self-Employee Business Unit Compliance Improvement Project #27. A new or revised PIA will be submitted when this system goes live to consider any substantive changes to sensitive but unclassified data being collected.
System of Records Number(s)
Treasury/IRS 42.01 Compliance Programs and Projects Files-Treasury/IRS
Treasury/IRS 34.037 IRS Audit Trail and Security Records System
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. Taxpayer:
(SSN) Social Security Number
(EIN) Employer Identification Number
(ITIN) Individual Taxpayer Identification
Number, Name, Address, City, State
Zip Code
B. IRS Employee:
Name, Title / Position, Grade, Work Address, City, State, Zip Code,
Work Phone number, Group number
The user’s logon, pages visited, queries submitted etc. is recorded in the same fashion as when accessing IDRS for the audit trail.
C. Audit Trail:
Access privileges within the system is granted based on job function need and is authorized by appropriate IRS management via Form 5081, Information System User Registration/Change Request. The system the user uses collects employee login information. SWETRS will also collect the user's E-Mail address, Date of activity (add/edit), Data accessed, Data changed, Data added.
D. Other: None
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. IRS: Sensitive But Unclassified identifying data such as Name, SSN, EIN, ITIN, Address, City, State, Zip code from forms: 940, 941, 943, 945, CT-1, CT-2, 1120S
8027, W-2, W-2G, W-3, W-4's, Notice 972, Notice 2100, 1099-MISC, 1099-DIV, 1099-INT, 1099-PATR, 1099-OID, 1099-B, SSA 7000 / 7010, determinations, CBRS cash transactions, EOAD issue tracking, SS-8 Determinations
CSP Agreements, Tip Reporting Agreements.
B. Taxpayer: None
C. IRS Employee: IRS employees who use the system: Name, User Name, Title / Position, Grade, Work Address, City, State, Zip Code, Work Phone number, Group number.
D. Other Federal Agencies. None
E. State and Local Agencies. None
F. Other third party sources. None
3. Is each data item required for the business purpose of the system? Explain.
Yes. Each data item is necessary to perform a required business action (add, edit, update etc.)
4. How will each data item be verified for accuracy, timeliness, and completeness?
Most of files are pre-processed using existing methods of verification by the IRS function responsible for it. Any additional information through user input is verified through programming to trap errors before the item is submitted. The timeliness and accuracy of the information is again reviewed during classification and case building before assignment.
5. Is there another source for the data? Explain how that source is or is not used.
No. This system is designed to house dissimilar documents all relating to an Employment Tax issue or taxpayer obligation. Dissimilar documents include IRS documents as well as documents not found in any IRS database still remaining in paper form such as contractual agreements. A contractual agreement is between the IRS and an employer, and sometimes an individual worker. Employers have agreements whereby they promise to begin compliance with employment tax obligations, or perform certain acts to promote compliance of their employees on a future date and continuing unless certain facts change. These agreements are monitored for compliance purposes and when the system identifies that the employer has stopped performing the tasks, contact is made. A worker (for tipping compliance) designates themselves as participating or not participating in the agreement made with their employer. Again, these are monitored for compliance with the terms of the agreement.
Although not a contractual “agreement”, an SS8 determination letter is an official notice to an employer covering past, present and future time periods concerning their employment tax obligations. It was originally called a District Determination Letter based upon facts, law, arguments, testimony and conclusions of the Service similar to private letter rulings issued by IRS counsel.
6. Generally, how will data be retrieved by the user?
This is a web-based system where authorized users can add, edit, view and download information in summary or by specific records for use in their examinations.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes. The taxpayer's EIN and SSN information is the core of the system. EIN document retrieval is primary, but SSN taxpayer documents are also used during examinations.
It is not planned to retrieve information by a personal identifier of a user of the system unless there is a need to do so using the audit trail. However it will be common practice for a user to retrieve records and identify another user that has added those records or are coordinators of sub-programs as the point of contact.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
IRS users, managers, System Administrators, and Programmers. No public access will be allowed. No outside contractors will have access.
9. How is access to the data by a user determined and by whom?
Access to the data is determined by the manager based on a user’s position and need-to-know. The manager will request a user be added. They must fill out Form 5081, Information System User Registration/Change Request, to request access to the application. A user’s access to the data terminates when it is no longer required. Criteria, procedures, controls, and responsibilities regarding access are documented in the Information Systems Security Rules on Form 5081.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
Other IRS systems provide the data for SWETRS as extracts. See listing above
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
IMF, BMF records are included in CADE the IRS Modernization of Tax Systems. CADE has been Certified as it enters and exits each milestone.
12. Will other agencies provide, receive, or share data in any form with this system?
As stated above, extracts of data is received from other IRS systems, but SWETRS collective data will not be shared with any other agency systems.
13. What are the procedures for eliminating the data at the end of the retention period?
Records will be disposed of in accordance with the Records Disposition Handbook for Compliance programs and projects. Normally, return information is kept for a 5 year period. Various contractual agreements and determinations remain in effect until terminated or amended, and could be maintained indefinitely.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
Yes. Industries and specific groups of individuals have entered into agreements with the Service. Those participating employers and workers must be monitored for their adherence to the terms of the agreements. Those not participating or unaware of the benefits of such agreements are then the subject of outreach and educational programs to foster compliance with the tax laws.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
Yes. Industries and specific groups of individuals have specific obligations under the Employment Tax laws. Compliance Policy guidelines require monitoring of these obligations to identify noncompliance, and possible enforcement action.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain.
Yes. It is the inherent nature of the complex Employment Tax laws that treat different job categories and workers in different industries differently. All are treated fairly, and according to laws, regulations, and requirements of ethics.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Yes. Data concerning "individual workers" i.e. W-2 and W-4 information has already been processed by other functions within the IRS, and their due process rights to address and correct information has been previously given.
As for employer information, contact with the taxpayer will always be made, and the information verified through the examination process. And at that time, more due process rights are afforded.
The purpose of SWETRS is to identify cases for examination. Once the examination is in process the taxpayer can provide correcting information.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
This system is a web-based application and does not use persistent cookies.
|
