Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Prior Year Earned Income Option

 

Privacy Impact Assessment -- Prior Year Earned Income Option (PYEIO)

PYEIO System Overview

The Katrina Legislation permits qualified individuals to calculate their earned income tax credit (EITC) and additional child tax credit (CTC) for Tax Year 2005 using their 2004 earned income amount.  The Prior Year Earned Income Option (PYEIO) application will provide the ability for taxpayers to compute earned income tax credit (EITC) and additional child tax credit (CTC) for Tax Year 2005 by providing the earned income dollar amount claimed in 2004.  Taxpayers may access the PYEIO application by navigating from links on the IRS home page, http://www.irs.gov.  The PYEIO application will authenticate user input “shared secrets,” (Taxpayer Identification Number (TIN) and Date of Birth (DOB)) and account eligibility before any account information is disclosed or further use of the application is allowed.  Eligibility is determined by the zip code of the address of record being in the defined disaster areas or by the account being previously identified as an account of a disaster victim by normal IRS procedures.

System of Records Number

Treasury/IRS 24.030 Individual Master File

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer information which is provided by the taxpayer for authentication by the IRS includes the following:
Taxpayer Identification Number (TIN)
Date of Birth (DOB)

B. N/A

C. The system will collect MIS information related to the taxpayer’s use of the application (e.g., how many hits encountered, how many taxpayers successfully submitted an installment agreementreceived their earned income amount, what links were followed, etc.)

D. N/A

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A.  By matching the Taxpayer entered TIN and DOB of an account which has been identified as a disaster victim account, this application extracts the TIN, File Source, Tin Type, DOB of Primary Taxpayer and the Earned Income Amount for 2004 from the Customer Communications Interactive Processor (CCIP).  CCIP received its corresponding data from Corporate Files On Line (IDRS CFOL) using Command Codes SCAP IRTF (Standard CFOL Access Protocol Individual Return Transaction File) and SCAP IMF (Standard CFOL Access Protocol Individual Return Transaction File).

B.  TIN and DOB
C.  N/A
D   N/A
E.  N/A
F.  N/A

3.   Is each data item required for the business purpose of the system?  Explain.

Yes.  This application is tailored for a very specific purpose and only those data elements which are needed to fulfill that purpose are requested and / or displayed.

4. How will each data item be verified for accuracy, timeliness, and completeness?

All data collected from and displayed to the user will be verified against or displayed from existing IRS information systems in real time.  The maintenance and upkeep of those systems and the data contained therein is beyond the scope of this application and this document.

5. Is there another source for the data?  Explain how that source is or is not used.

No, there is no other source from which to obtain necessary information.

6. Generally, how will data be retrieved by the user? 

Data will be retrieved from IRS records by the user through the publicly available web front-end portion of the application using a standard 128-bit SSL encryption capable web browser application such as Internet Explorer or Netscape Navigator.  Users will have no direct access to IRS systems beyond the front end web server.  Users shall only have such access to the web server as is necessary to provide PYEIO with information to perform its intended purpose and view the resulting information display.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

The PYEIO application retrieves personal taxpayer information based on TIN and DOB from the Central Files on-line database Integrated Data Retrieval System (IDRS(CFOL).  Taken on its own, the TIN / SSN is enough to identify an individual however, the system will not provide any information unless the user also correctly enters the DOB, and the CFOL account belongs to a hurricane victim.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Primary access of data in the system will be by individual taxpayers. Designated Systems Administrators (SA) will have access to the data in the course of performing their SA duties (backup, maintenance, etc.).  SA system/data access will be controlled through the Online 5081 system. 

9. How is access to the data by a user determined and by whom? 

Access to the data is determined automatically by the system depending on whether the user correctly entered shared secret information or if any data was successfully retrievable given a set of shared secret credentials.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes.  This information is provided by the Integrated Data Retrieval System (IDRS)Central Files On-Line (CFOL) through the Customer Communications Interactive Processor (CCIP) interface.  No updates to IDRS CFOL occur through the CCIP interface.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

No personally sensitive data is stored by the PYEIO application for longer than user’s period of use or the automatic session timeout. Maintenance and upkeep of the information systems from which this system derives its data is beyond the scope of this application and this document.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Yes, if the taxpayer does not qualify to receive their earned income amount through the automated system, a phone number shall be provided for appropriate assistance.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The system uses “session cookies” only.  The cookie contains a unique identifier which can allow the web server to properly identify the user’s web client application only.  The value of the cookie usually resembles a randomly generated string of characters and in nonsensical to humans.  No personally identifiable or sensitive information is stored in client-side cookies.  The session cookie is destroyed when the user terminates their web browser client, logs out of the application, or when the session timeout period has elapsed due to inactivity, whichever occurs first.
 


Page Last Reviewed or Updated: January 26, 2006