Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Internet Employer Identification Number

 

Privacy Impact Assessment – Internet Employer Identification Number Current Production Environment

IEIN System Overview

IEIN Phase 1 provided a web interface allowing the public to fill out and submit online SS-4s requesting and receiving in the same session provisional EINs. 

Internet –EIN (Release 1.1 also known as IEIN One Stop) enhanced the IEIN application with the capability for external sources (state taxing authorities) to populate Form SS-4 by an XML message over HTTP and IRS IEIN application issuing a provisional IEIN directly to the taxpayer in the same session.

IEIN CPE will automate approximately 65% of internet submissions.  SS-4 applications received through the internet that are perfect and would normally pass all validations without employee intervention will post directly to Master File without IRS employee research or input.  Imperfect submissions needing further research or communication with the customer will continue to be printed at one of three EIN sites and manually processed like they are currently. 

Note: IEIN CPE will not change the current Internet EIN Phase 1 application.  Currently, taxpayers access IRS.gov and submit their SS-4 application for an EIN.  The information is then transferred to a database where a print file is generated twice a day in Brookhaven, Cincinnati, and Philadelphia. Tax Examiners take the printed SS-4s and manually research and input the information.  IEIN CPE will intervene where the print file is generated.  Instead of automatically generating a print file, the information from the Internet EIN Phase 1 database will be pulled into a batch file where the system will perform the review that employees currently conduct manually.  If the information passes all validations, the record will post to IDRS automatically.  If the information does not pass all validations, the record will print out in one of the three EIN sites where it will be manually researched and processed as they are now.  No changes will be made to the existing Internet EIN system and we will not change what we disclose in our current EIN internet procedures.  The security certification and accreditation is covered by the IDRS ERAS security certification and accreditation and the existing Internet EIN Phase 1 security certification and accreditation.

Modernized IEIN (begins FY‘06) will be a complete redesign of the IEIN application and will integrate the front and backend processing.  A separate request for a Privacy Impact Assessment will be submitted for Modernized IEIN when we get closer to FY’06.

System of Records Number

Business Master File 24-046

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.  Employer Name, Address, Social Security Number and Type of Business.
B.  No IRS employee data is required.
C.  Customers are not required to authenticate to the system to submit a form.  The form is hosted within the STIR infrastructure and is subject to STIR auditing.
D. A provisional EIN is returned to the taxpayer after completion and successful transmission of the form.  The EIN is derived from a separate database of pre-assigned numbers and is not directly accessible by Customers.  Confirmation letters are mailed at a later date to establish the assigned numbers validity.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A.  After the customer submits the form, the IRS completes an automated process of data transfer and verifies the request.
The IRS provides, stores, and catalogs the assignment of EIN numbers.
B.  The taxpayer is required to complete all fields of Form SS-4.  All information is deemed timely and accurate.
C.  None.
D.  None.
E.  None. 
F.  None.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  To ensure proper assignment and verification, all fields of Form SS-4 must be completed.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Form validation is performed on all fields prior to acceptance to determine if expected input is supplied.  Each form is time and date stamped then logged for 30-days.  Manual verification is performed after submittal only if an anomaly is detected.

5. Is there another source for the data?  Explain how that source is or is not used.

In addition to using the Internet EIN application, taxpayers have the option of submitting the SS-4 application for an EIN through fax, mail, or phone.  Information collected on SS-4 applications from these other channels is identical with the data supplied through the Internet.  The information is processed using the same criteria whatever the submission process.

6. Generally, how will data be retrieved by the user? 

The system will retrieve data submitted by applicants, validate fields and post to IDRS. In the event of anomalies in the data, the system will generate printed copies to be worked by IRS analysts.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes. In addition to the process described in Item 6, forms completed and submitted by customers are logged and stored for thirty days as checks and balances to verify manual processed counts against online submittal counts.  Designated operators may query the logs by name, social security or date to locate and identify any unprocessed forms in the event of a discrepancy.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

System Administrators, Developers, and designated employees as part of their official duties.

9. How is access to the data by a user determined and by whom? 

IRS users are given access through the 5081 process.  IEIN uses Application Messaging and Data Access Services Application Programming Interface (AMDAS APIs) which automatically logs the Taxpayer request for an IEIN into the Security Audit and Analysis System (SAAS) database.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes.  The taxpayer submits the online SS-4 through the Internet EIN application, which then verifies the information in IDRS.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

In IEIN CPE, four programs are being added to the IDRS ERAS System.  This system is a XXX X that runs on a XXXXXX.  This system is a legacy system and is covered under the XXXXXX certification.  
 
12.  Will other agencies provide, receive, or share data in any form with this system? 

Yes.  TIGTA and the General Accounting Office may have access to the data as part of security reviews, system assessments, and oversight responsibilities.  Data from new applications for which a number is issued will continue to be transmitted to the Social Security Administration.  A CP-575 Notice is mailed to the taxpayer informing him/her of the EIN and filing requirements. 

The industry codes established by SSA will be electronically transmitted back to IRS and entity records updated with the codes. SSA will also transmit the entity information and industry codes to the Department of Commerce.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

All data is retained in accordance with IRM.1.15.1.  The data is deleted after 30 days and is overwritten to ensure its destruction.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The system will print out all unworkable submissions and a Tax Examiner will review and correct the information or correspond with the taxpayer.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The application itself does not use cookies in any way.
 


Page Last Reviewed or Updated: August 12, 2005