Privacy Impact Assessment - Electronic Tax Law Assistance System
(ETLA)
I. Data in the System
The public IRS web site on the internet at www.IRS.gov allows taxpayers to submit tax law questions. At regular intervals (currently every 5 minutes) these questions are ftp’d to one of the ETLA servers at the Austin Service Center (AUSC) in Texas. The questions are then loaded into the ETLA database. Any programs and processing involved with these taxpayer questions that takes place on the IRS public web site are the responsibility of Accenture and are outside of the scope of the ETLA application.
The IRS MailMan Version 6.0 is the application interface software package that the IRS assistors use to communicate from their PC to get into the ETLA system to access and answer questions. MailMan is IRS proprietary software, developed for the IRS in conjunction with Web Systems Integration, Inc. (WebSys, Inc.), from Cold Fusion, SQL, and HTML Commercial Off-The-Shelf (COTS) components. It resides on the Dell Poweredge ETLA servers a the Austin Service Center in (AUSC), and is written in Cold Fusion 4.1. The application is a customized software product that produces Internet screens dynamically, based on the database contents, and allows Customer Service Representatives (CSRs) to respond to questions, change their passwords, produce reports, etc. It imports questions into tables, and maintains the queue, the history files, and other data. The ETLA servers use the Microsoft Windows NT Server Enterprise Edition 4.0 operating system with Service Pack 6 and IIS 4.0 web-server software to manage the HTTP sessions with the end users.
The standard workstations used to access the system run Microsoft Windows NT 4.0 with Service Pack 4 or higher and access ETLA using their web browser, usually Internet Explorer 4.0 or higher. Symantec AntiVirus is implemented.
1. Generally describe the information to be used in the system in each of the following categories:
* Taxpayer: Taxpayer tax law or procedural questions and their email address, for the purpose of responding to the taxpayer question via email.
* Employee: Badge number, title (i.e., Mr., Ms., Mrs.), Customer Service Representatives (CSRs) login, password, system permissions (system functions they can perform), first name, last name, and site at which they are located. What is CSR? Please spell out acronyms?
* Other: Email service provider based on the email address provided.
2. What are the sources of the information in the system?
Taxpayer questions and email addresses are submitted by the taxpayer via the IRS website. No information is secured internally from other systems of record.
a. What IRS files and databases are used?
The ETLA application maintains its data in the ETLA SQL database on servers at the in Austin Service Center in Texas. – This database consists of data supplied by taxpayers as collected via FTP download from the public IRS web site at www.IRS.gov. and additional inventory tracking data elements to ensure that each question is answered.
b. What Federal Agencies are providing data for use in the system?
None – ETLA does not receive data from other Federal Agencies.
c. What State and Local Agencies are providing data for use in the system?
None – ETLA does not receive data from state and local agencies.
d. From what other third party sources will data be collected?
Taxpayer email provider supplied as part of their email address. There is no interface between the IRS and the email provider to obtain any additional information.
e. What information will be collected from the taxpayer/employee?
* Taypayer – Tax law or procedural questions and their email address is collected and retained for the purpose of responding to the taxpayer questions.
* Employee – username, password, full name, telephone number, badge number, and the location from which the employee will logon to the system.
3. a. How will data collected from sources other than IRS records and the taxpayer be verified for accuracy? Not Applicable.
b. How will data be checked for completeness? Not Applicable.
c. Is the data current? How do you know? Not Applicable.
4. Are the data elements described in detail and documented? If yes, what is the name of the document? Yes, Thethe data elements are described in the user manual ( called “Mailman” User Manual).
The data elements for taxpayer questions consist of:
ID – Unique numeric identifier
Recdttm – The date and time the question was submitted
Cat – Identifies the general category the question relates to.
Eadd – The taxpayers email address
Qstn – The taxpayers question
Csr – Identifies the Customer Service Representative (CSR) that answers the question
Reply – Is the answer provided to the taxpayer
Ansdttm – The date and time the answer was sent to the taxpayer
The data elements for the Customer Service Representatives (CSRs) accounts consist of:
ID unique numeric identifier
Unam – CSR login
Upas – Account password for this account
Lname – CSR last name
Fname – CSR first name
Logindttm – Date and time of last login activity
Actiondttm – Date and time of last activity within the application
Title – Mr, Mrs, Ms. Etc as appropriate
EmpId – The IRS employee’s badge number
Dttm – Date the account was setup
Tel – CSRs telephone number
POD – CSRs Post of Duty
Site – Identifies the working group for this CSR
Addmsg – allow add message
Resp – allow answer message
Eadd – allow updates to the email address data element
Stat – allow view statistics
Manu – allow manage user account
II. Access to the Data
1. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?
Users, Managers, and System Administrators with valid ETLA logins and passwords. TIGTA and GAO representatives will have access during system audits.
2. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?
A user’s position and need-to-know determines the type of access to the data. Users and managers must prepare an Online form 5081 the users manager must sign the Online 5081form 5081 (which is reviewed by a System Administrator) in order to assignto get a login USERID, users are and are assigned only those system permissions they granted via the 5081 signed by their manager.need to perform their jobs. A user’s access to the data terminates when it is no longer required.
The following mandatory rules are defined for users of IRS computer and information systems:
* Users are forbidden to access, research, or change any account, file, record, or application that is not required to perform official duties.
* Users are restricted to accessing, researching, or changing only accounts, files, records, or applications that are required to perform their official duties.
* Users are required to protect passwords from disclosure, and to refuse acceptance of passwords that are not delivered in a sealed envelope. Users are required to log/sign off anytime they leave the computer or terminal.
* Users are required to retrieve all hard copy printouts in a timely manner, and to ensure that magnetic media is secured based on the sensitivity of the information contained, and that they will practice proper labeling procedures. Users are instructed not to disclose or discuss any IRS-related information with unauthorized individuals.
* Users are instructed to protect the following from disclosure:
* Telephone numbers.
* Procedures that permit system access from a remote site.
* All Vendors are to be escorted and monitored.
The ETLA System platform requires users to identify themselves and provide proof of their identity by USERIDs and passwords. USERIDs are unique to each user.
3. Will users have access to all data on the system or will the user’s access be restricted? Explain.
* No – User access is restricted by the user’s manager via the on-line 5081 process.
4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?
The Customer Service Representatives (CSRs) are allowed to “browse” through the queue of questions submitted by taxpayers. These questions do not contain account sensitive information only tax law questions are asked, no sensitive taxpayer information is available to the CSRs. The CSR is instructed to attempt to answer the oldest questions first.
5. a. Do other systems share data or have access to data in this system? If yes, explain.
No – No other systems have access to ETLA data. The ETLA System does not share data with any other IRS system. ETLA data is provided by a periodic FTP download from the public IRS web site at www.IRS.gov.
b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?
Not Applicable – ETLA data is obtained using a one-way incoming FTP transfer.
6. a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?
No – Other agencies will not have access to ETLA System data. If TIGTA or GAO need to access this data they must submit specific requests through the appropriate channels.
b. How will the data be used by the agency? Not Applicable
c. Who is responsible for assuring proper use of the data?
Responses to taxpayer questions via the ETLA application are routinely reviewed for accuracy.
d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?
Not Applicable – No other agencies access the data.
III. Attributes of the Data
1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes – Taxpayer questions and email addresses collected are necessary to respond to taxpayer tax law/procedural questions.
2. a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
No – The ETLA System does not derive any new data about taxpayers.
b. Will the new data be placed in the individual’s record (taxpayer or employee)? Not Applicable.
c. Can the system make determinations about taxpayers or employees that would not be possible without the new data? Not Applicable.
d. How will the new data be verified for relevance and accuracy?
Not Applicable. Taxpayer questions submitted via the public IRS web site at www.IRS.gov are accepted and responded to without any verification that the taxpayer was accurate in their portrayal of their particular tax law or procedural scenario. Within the response to the taxpayer standard phraseology is included suggesting that if they have further questions they can submit them by phone or by using the public IRS web site.
3. a. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?
Not Applicable – Data is not being consolidated.
b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
Not Applicable – No processes are being consolidated within the ETLA System.
5. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.
The questions are retained in a queue until they are answered (the queue is worked First-In-First-Out (FIFO)). A copy of the question and answer is retained in a history file. It is retrievable by a unique sequential message number. A search function has been incorporated which allows users to retrieve emails by email address. This allows users to find prior emails sent by a taxpayer for reference in follow-up emails related to the same issue.
What are the potential effects on the due process rights of taxpayers and employees of:
a. consolidation and linkage of files and systems;
None – ETLA does not perform consolidation and linkage of files and systems.
b. derivation of data;
None – ETLA does not perform derivation of data.
c. accelerated information processing and decision making;
ETLA improves customer service to taxpayers by using technology as a tool to more efficiently respond to tax law and procedural questions.
d. use of new technologies; Not Applicable.
How are the effects to be mitigated? Not Applicable.
IV. Maintenance of Administrative Controls
1. a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.
The sole purpose of the system is to provide free assistance with tax law questions on a FIFO basis. The system and its data are not used for any other purpose.
The IRS has established the following operational privacy guidelines for the handling of taxpayer information:
* Protecting taxpayer privacy and safeguarding confidential taxpayer information is a public trust.
* No information will be collected or used with respect to taxpayers that are not necessary and relevant for tax administration and other legally mandated or authorized purposes.
* Information will be collected, to the greatest extent practicable, directly from the taxpayer to whom it relates.
* Personally identifiable taxpayer information will be used only for the purpose for which it was collected, unless other uses are specifically authorized or mandated by law.
* Personally identifiable taxpayer information will be disposed of at the end of the retention period required by law or regulation.
* Taxpayer information will be kept confidential and will not be discussed with, nor disclosed to, any person within or outside the IRS other than as authorized by law and in the performance of official duties.
* Browsing, or any unauthorized access of taxpayer information by any IRS employee, constitutes a serious breach of the confidentiality of that information and will not be tolerated.
* Requirements that govern accurate, reliable, complete, and timely taxpayer information will ensure the fair treatment of all taxpayers.
* The privacy rights of taxpayers will be respected at all times and every taxpayer will be treated honestly, fairly, and respectfully.
b. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?
All system files are maintained in the Austin Service Center (AUSC). Users around the country are all given the same training/manual on how to use the system.
c. Explain any possibility of disparate treatment of individuals or groups.
Not Applicable – None identified.
2. a. What are the retention periods of data in this system?
Retention periods for data in the ETLA System follow requirements as described IRM 1.15.1, Records Administration Handbook. The required retention specified by the National Archives and Records Administration (NARA) approved records schedule.
Records are retained for 3 years.
b. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?
Procedures for eliminating data from the ETLA System follow OMB Circular A-130 requirements as described in General Records Schedule (GRS) 20 (IRM 1.15.3, Chapter 20), Electronic Records, IRM 1.15.1, Records Administration Handbook, and IRM 1.15.2, Records Disposition Handbook. Records are deleted at the end of the retention period using an SQL delete query that is ran from within an application Cold Fusion module. The purge procedure is documented within the application module that performs the purge routine.
c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
Not Applicable – The ETLA System data is not used to make determinations. Its only use is to assure that taxpayer tax law and procedural questions are answered.
3. a. Is the system using technologies in ways that the IRS has not previously employed (e.g., Caller-ID)? No.
b. How does the use of this technology affect taxpayer/employee privacy? Not Applicable.
4. a. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
No – The ETLA System cannot identify, locate, and monitor individuals. This capability is not within the scope of this system. In the event of unlawful activity on the part of an individual abusing this website, a court order is required to obtain the information required from the taxpayer’s email provider.
b. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.
No – The ETLA System cannot identify, locate, and monitor groups of people. This capability is not within the scope of this system. In the event of unlawful activity on the part of a group abusing this website, a court order is required to obtain the information required from the email provider.
c. What controls will be used to prevent unauthorized monitoring? Not Applicable.
5. a. Under which Systems of Record notice (SOR) does the system operate? Provide number and name.
Treasury/IRS 00.001 Correspondence Files and Correspondence Control Files
b. If the system is being modified, will the SOR require amendment or revision? Explain.
No – Changes to the ETLA System involve updated software versions, upgraded server hardware, and increased number of servers sharing system processing load. These changes reflect system functional changes to improve MIS and user productivity; however, no changes have been made concerning the data collected from the taxpayer or the way in which it is used. The sole purpose of the system is to provide assistance to taxpayers regarding tax law and procedural questions.
Access to ETLA will be accomplished from any IRS location with Intranet access via Windows NT laptop and desktop workstations. Paragraph 4.c.(1)(d) of Appendix I to OMB A-130 addresses New and Altered System of Records Report as follows:
“A change to equipment configuration (either hardware or software) that creates substantially greater access to the records in the system of records. For example, locating interactive terminals at regional offices for accessing a system formerly accessible only at the headquarters would require a report.”
This expansion of access throughout the IRS may require generation of a SORN to address access of IRS systems/applications via the IRS-wide Intranet using standard networked workstations.
| 
