Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Employee Protection System

 

Privacy Impact Assessment – Employee Protection System

EPS System Overview

The Employee Protection System (EPS) database contains information to identify taxpayers that represent a potential danger to IRS employees.  Information is developed in conjunction with TIGTA.

System of Records Number(s) 

Treasury/IRS 60.000 Employee Protection System 
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. The EPS database contains information to identify taxpayers that represent a potential danger to the agency/employee including information that relates to the taxpayer’s ability to follow through with the assault or threat.  In addition, information relating to the taxpayer’s current tax issues is contained in the database.
B. The EPS database contains information to identify the employee who reported the incident and employee witnesses.  In addition, the database contains information to identify the agent who investigated the complaint.
C. The Functional Security Coordinator is responsible for review of the Audit Trail Logs.
D. Additional information is provided from non-employee witnesses (name and locator information).  Also, third party information supplier identification and IRS case disposition information resides in the database.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. None
B. None
C. None
D. EPS data elements are received daily from the Treasury Inspector General for Tax Administration (TIGTA) via FTP scripts.  The data received is extracted from electronic Form 8273, Assault, Threat, Harassment Incident Report.  The Employee Protection Specialist located in the OEP inserts date, time and status information into the database.   In order to conduct a thorough investigation, TIGTA gathers information from other Agencies such as the Federal Bureau of Investigation (FBI) and the National Crime Information Center (NCIC).
E.  Any state and local law enforcement agencies.
F.  Non-employee witness information is collected on Form 8273. 

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  The information is required to determine whether taxpayers meet criteria for inclusion into the EPS database. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

TIGTA provides the initial data.  TIGTA agents investigate all complaints of IRS employees relating to assaults and threats.  The Agency relies on TIGTA’s Special Agents to verify data collected from sources other than IRS records.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

The case number is used to retrieve information. The taxpayer’s name may also be used.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? Yes.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Authorized access is granted to the OEP Specialists; Chief, OEP; and IRS developers.  Since the data resides on a SUN E10K at the Detroit Computing Center, Security Administrator, and System Administrator have access to the system (superuser).  Limited access may be granted for audit purposes to GAO or TIGTA.

9. How is access to the data by a user determined and by whom? 

The Chief, OEP, determines who has access to the system.  Only employees with authorized access in OEP and IRS developers are granted access to the data.  Form 5081 is required for all users.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

No. No other IRS systems provide, receive, or share data in the system. EPS receives data from the Treasury Inspector General for Tax Administration (TIGTA).There is no direct interface from system to system.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  N/A

12.  Will other agencies provide, receive, or share data in any form with this system?

Yes.  Data in the EPS database is shared with other federal, state, and local law enforcement agencies.  The IRS Disclosure Office handles all distribution of data from the EPS database   as required in IRC §6103(c).

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

On a daily basis, five-year reviews are conducted to decide, based on established criteria, whether the taxpayer should be removed from the database.   Records are then retired per IRM 1.15.1.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes.  Through ID, address and data in remarks fields, EPS can and does identify, locate, and monitor individuals and groups.  The purpose is to protect IRS and TIGTA employees dealing with potentially dangerous/cautionary taxpayers. 

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Yes, as explained above. 

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

The PDT & CAU indicators notify employees of potential dangers that may arise through taxpayer contact.  The employees decide how to work the case using IRM procedures such as IRM 5.1.3.1 and IRM 4.2.1.2. (“Procedures for handling PDT coded cases” and “Request for Armed Escort”).

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Taxpayer/Employee input is received through TIGTA interviews.  Due process is maintained through Specialist adherence to established criteria and management review of the recommendations prior to input into the EPS.   

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? N/A
 


Page Last Reviewed or Updated: April 20, 2006