Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Service Center Recognition/Image Processing System (SCRIPS)

 

Privacy Impact Assessment – Service Center Recognition/Image Processing System (SCRIPS)

SCRIPS System Overview

This PIA has been generated for the operational system SCRIPS, to fulfill security re-certification and privacy requirements.  The following are answers to the Section V - Privacy Questions from the Internal Revenue Service Technical Manual - Privacy Impact Assessment, Vers.  1.3, (Document 9927 (1-97) Catalog No 23285V:

The Service Center Recognition/Image Processing System (SCRIPS) is a stand alone, tax forms processing system.  SCRIPS replaced the OCR processing hardware and software applications, which previously processed single-side tax reporting forms (Federal Tax Deposits (FTD) and Information Returns Program (IRP) and Schedule K-I .  This replacement occurred at four (4) Submission Processing Sites (SPS):   Austin Service Center -- AUSC; Kansas Service Center -- KCSC; Cincinnati Service Center -- CSC; Ogden Service Center – OSC, and the SAT site at NCFB-B2.  Applications and Development: Submission Processing: Workload Management: SCRIPS Project Office (OS:CIO:I:B:F:DI:SC), has been chartered with the development, implementation and maintenance of the SCRIPS.

The system has been operational in four submission processing sites since January 1995.  SCRIPS applications have been developed for the processing of scanned tax forms - e.g., Federal Tax Deposits (FTD) and Information Returns Program (IRP- Forms 1096, 1098, 1099, and 5498).  The IRS has now added certain K- documents to the scan list of form types 

System of Record Number(s) 

Treasury/IRS 22.034-Individual Returns Files, Adjustments and Miscellaneous Documents Files
Treasury/IRS 22.061-Individual Return Master File (IRMF) (formerly Wage and Information Returns Processing (IRP) File)
Treasury/IRS 24.030-Individual Master File (IMF), Taxpayer Services  (formerly Individual Master File (IMF), Returns Processing)
Treasury/IRS 24.046-Business Master File (BMF), Taxpayer Services (formerly Business Master File (BMF), Returns Processing)
Treasury/IRS 34.037 for the audit trail records.

Data in the System

1. Generally describe the information to be used in the system in each of the following categories: Taxpayer, Employee, and Other.

Taxpayer:
Taxpayer return information contained in the following IRS Form types:

Form 1096, Annual Summary and Transmittal of U. S. Information Returns
Form 1098, Mortgage Interest Statement
Form 1098-E, Student Loan Interest Statement
Form 1098-T, Tuition Payments Statement
Form 1099-A, Acquisition, or Abandonment of Secured Property
Form 1099-B, Proceeds From Broker and Barter Exchange Transactions
Form 1099-C, Cancellation of Debt
Form 1099-DIV, Dividends and Distribution
Form 1099-G, Certain Government Payments
Form 1099-INT, Interest Income
Form 1099-MISC, Miscellaneous Income
Form 1099-OID, Original Issue Discount
Form 1099-PATR, Taxable Distributions Received From Cooperatives
Form 1099-Q, Qualified Tuition Program Payments (Under Section 529)
Form 1099-R, Distributions from Pensions, Annuities, Retirement or Profit-Sharing Plans, IRAs, Insurance Contracts, etc.
Form 1099-S, Proceeds From Real Estate Transactions
Form 5498, Individual Retirement Arrangement Information
Schedule K-1 (Form 1065)
Schedule K-1 (Form 1041)
Schedule K-1 (Form 1120S)
Form 8109, Federal Tax Deposit (FTD) (preprinted) Coupon
Form 8109B, Federal Tax Deposit (FTD) (handwritten) Coupon

Other: Audit trail information is held in the system for the individual site System Security Officer (SSO) to review.

2. What are the sources of the information in the system?
    
a. What IRS files and databases are used?
None.  Only above stated paper format forms submission is processed in the SCRIPS system.

b. What Federal Agencies are providing data for use in the system?
Federal agencies as employers may potentially submit any of the stated Form types as it relates to tax administration.  The only paper processing allowed by IRS is for small monetary amounts.

c. What State and Local Agencies are providing data for use in the system?
Over a certain monetary threshold State and Local agencies must file electronically, therefore, it is inconceivable that any State or local agencies would provide any of the previous mentioned paper forms as paper submission. 

d.   From what other third party sources will data be collected?
Bank and Financial institutions over a certain monetary threshold must file electronically; therefore, it is inconceivable that any of these third parties would provide any of the previous mentioned paper forms as paper submission.

e. What information will be collected from the taxpayer/employee?
The individual Taxpayer can choose to submit anyone of the previously mentioned paper forms.  The login information is collected from the employee for the access control process (Form 5081).

3. a. How will Data from Other Sources Will Be Verified for Accuracy?

All SCRIPS data are received from authoritative source e.g., taxpayer, employer, shareholder, etc., through the mail in paper format.

3. b. How Will Data Be Checked for Completeness?

The SCRIPS runs a verification check contained entirely within SCRIPS.  All the required fields are the forms are validated to contain the appropriate data for processing.

3. c. Is the data current?  How do you know?

FTDs must be processed within a 24-hour period; K-1 & IRP forms must be processed by their IRM and location Production Completion Date (PCD).

4.  Are the data elements described in detail and documented?  If yes, what is the name of the document?

Yes.  Data elements are documented within the SCRIPS Computer Program Book, SCRIPS Functional Specification Package, SCRIPS Computer Operator's Handbook, etc.

Access to the Data

1.  Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

A profile is established for each authorized user, by the SCRIPS Site manager [5081] and the SCRIPS system administrators, SCRIPS Users, SCRIPS Managers, SCRIPS Contractor-Developers, Others (e.g., TIGTA, GAO), which lists only those functions that the user is authorized to execute. 

2. How is access to the data by a user determined?  Are criteria, procedures, controls, and responsibilities regarding access documented?

The SCRIPS site manager authorizes access to the system via the access control process (Form 5081).  Users must complete and submit the Form 5081 to their manager for approval.

3. How is access to the data by a user determined?  Are criteria, procedures, controls, and responsibilities regarding access documented?

Form 5081 (Rev. 9-95, or later), Automated Information System (AIS) User Registration/Change Request, shall be on file for each person requesting access to the SCRIPS.  Access is restricted to the authorized user's profile - The system will only send to the terminal those data which are within the user's permissions, as established by the user’s profile. 

4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?

Authorized SCRIPS personnel are made aware of their roles as SCRIPS data users, by the Site manager and a review of the SCRIPS documentation is a user requirement.  SCRIPS Internal Revenue Manuals (IRM) (e.g., 3.41.268 - FTD Processing on SCRIPS, 3.41.269 - IRP on SCRIPS, 3.41.274 - SCRIPS General IRM, 3.41.275 - Scanner Operations on SCRIPS, IRM 3.0.101 - SCRIPS K-1 Processing); are available as the primary reference manuals for all authorized SCRIPS users.  It is mandatory that SCRIPS personnel familiarize themselves with these IRMs, as well as Manager's and Administrator's (SA & SSO) specific duties and responsibilities.  Auditing capability is part of the system.   Additionally, Supervisory oversight is in place, and the system only sends an image of the form to a terminal if data needs to be verified.   IRS Internal Revenue Manual (IRM) 25.10.1 requires separation of duties between the system administrator and security administrator; audit trails shall be reviewed by SSOs (system security officers) which are designated at each site.  However, Audit trails are being collected, but there is currently no process in place to ensure that sites are reviewing data for inappropriate data activity. 

5.a. Do other systems share data or have access to data in this system?  If yes, explain.

Yes.  Beginning with the Tax Year 2003 processing year, SCRIPS will use Files Transfer Protocol (FTP) via the Enterprise FTP Network Server ([EFNS], to transmit data to IRS Computing Centers (MCC or TCC). 

5.b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?

Once the IRS Computing Centers receives the data, they are responsible for protecting the privacy rights of the taxpayer and employees. 

6.a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)? No.

6.b. How will the data be used by the agency?  Not applicable.

6.c. Who is responsible for assuring proper use of the data?  Not applicable.

6.d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?  Not applicable.

Attributes of the Data

1.   Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

Each data item collected from the previously mentioned forms is required for the system to process, through character recognition for tax administration.

2.a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

No.  The system does not have the capability to aggregate the tax return/information supplied to the IRS by the taxpayer.

2.b. Will the new data be placed in the individual's record (taxpayer or employee)? Not applicable.

2.c. Can the system make determinations about taxpayers or employees that would not be possible without the new data?

Not applicable because the system only purpose is to scan and collect the data from the predefined form types.

2.d. How will the data be verified for relevance and accuracy?  Not applicable. 

3.a. If the data is being consolidated, what controls are in place to protect the data and prevent unauthorized access?  Explain.

No SCRIPS' data is being consolidated.

3.b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access?  Explain.  Not applicable.

4. How will the data be retrieved?  Can it be retrieved by personal identifier? If yes, explain.
    
The data could be retrieved within SCRIPS by Block number or Document Locator Number (DLN).  After the data are stored, searching by date is possible. 

4.1. What are the potential effects on the due process rights of taxpayers and employees of:

a   Consolidation and linkage of files and systems;
No SCRIPS' data are being consolidated or linked.

b.  Derivation of data:  Not applicable.

c.   Accelerated information processing and decision making;

The paper form data is validated with the scanned version for potential discrepancies.

 d.  Use of new technology.  Not applicable.

The taxpayer can submit corrected forms when they have determined that a correction is necessary.  Additionally, the IRS has a process in place for taxpayers to discuss their tax liability concerns outside the scope of the SCRIPS project. 

Maintenance of Administrative Controls

1.a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.

The SCRIPS system only scans paper forms submitted by the taxpayer regardless of who they are.  The employees’ access is determined by a need to know only and the employees with authorized access are provided the same information for process and accessing SCRIPS.   

1.b. If the system is operated in more than one site, how will consistent use of the system and data be maintained at all sites.

SCRIPS is operational at four Submission Processing sites, and the New Carrollton ITCC.  SCRIPS Configuration Management process is in place whereby changes are agreed to by the responsible IRS Executive, then and only then are changes transmitted to all sites.  The IRMs and security procedures are generated and distributed to the Branches responsible for SCRIPS' processing.  If unauthorized modifications are made, the system will not operate with the new configuration, and an event would be captured in the audit trail.

1.c. Explain any possibility of disparate treatment of individuals or groups.

There is no possibility for disparate treatment with the SCRIPS because SCRIPS just makes an image and processes the Forms as they are received from the mailroom.

2.a. What are the retention periods of data in this system?

Retention periods for the FTD, K-1 and IRP forms are in the Control Schedule for Service Center Operations-IRM 1.15.29-1.

All IRP Forms as previously listed = 4 years - IRM 1.15.29-1 parts 56,57,58,66,85,87,88,98,222,342,343.
Schedule K-1 (Form 1065) = 7 years - IRM [Z3] 1.15.29-1part 56
Schedule K-1 (Form 1041) = 7 years- IRM [Z4] 1.15.29-1parts 56,57,58,66,85
Schedule K-1 (Form 1120S) = 75 years- IRM [Z5] 1.15.29-1part 58,
Form 8109, and Form 8109B Federal Tax Deposit (FTD) (preprinted) Coupon = 7 years- IRM [Z6] 1.15.29-1 parts 342,343.

2.b. What are the procedures for eliminating the data at the end of the retention period?  Where are the procedures documented?
     
Destruction of the secured media for stored SCRIPS' data will be or are in the IS data security mandates, IRMs 25.10, and DoD 5200.28-STD.  Since SCRIPS Data is optical, and the IRS has not yet set standards for destruction for any optical media, physical destruction of the optical media shall be by shattering into shards less than ½” in size [until further guidance is supplied].

 All IRP Forms as previously listed = 4 years
 Schedule K-1 (Form 1065) = 7 years
 Schedule K-1 (Form 1041) = 7 years
 Schedule K-1 (Form 1120S) = 75 years
 Federal Tax Deposit (FTD) (preprinted) Coupon (Form 8109, and Form 8109B)= 7 years

3.c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

Data are not retained in the system past the one day time period after FTP to the Computing Processing site and the FTD data is two days after transmission.  The SCRIPS data is collected and transmitted daily.

3.a. Is the system using technologies in ways that the IRS has not previously employed (e.g. Caller-ID)?

No.  SCRIPS was designed to replace the Optical Character Recognition (OCR) system in use at Submission Processing Sites (SPS).

3.b. How does the use of this technology affect taxpayer/employee privacy?

Not applicable.  There is no new technology used.

4.a. Will this system provide the capability to identify, locate, and monitor individuals?  If yes, explain.

No.  The system as designed does not have the capability to monitor individuals except as it pertains to the audit trail information which is used to identify unauthorized events. 

4.b. Will this system provide the capability to identify, locate, and monitor groups of people?  If yes, explain.

No.  The system as designed does not have the capability to identify, locate or monitor groups.  
 
4.c. What controls will be used to prevent unauthorized monitoring?  Not applicable.

5.a. Under which Systems of Record notice (SOR) does the system operate?  Provide number and name.  Stated above.

5.b. If the system is being modified, will the SOR require amendment or revision? Explain.  Not applicable.
 


Page Last Reviewed or Updated: January 03, 2007