Privacy Impact Assessment – Bulkdata Electronic File Transfer (BEFT) System

BEFT System Overview 

BEFT was developed in cooperation with the Federal Reserve Banking system to provide an electronic data interchange capability to allow Federal Reserve Banks (FRB) to send queries to the IRS and for the IRS to send responses to those queries. 

BEFT manages the generation and exchange of data required to balance the paper Federal Tax Deposit (FTD) accounts with the FRB in order to allow money to be released to the Department of the Treasury. 

System of Records Number(s) 

Treasury/IRS 24.046 - CADE Business Master File (BMF)
Treasury/IRS 34.037 - IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer – The BEFT system contains asset and liability management information; accounting information and collections and receivables information.  This includes such taxpayer entity information as Employer Identification Number (EIN), name, type of tax and tax period.  Should the taxpayer be a sole proprietor business, social security number (SSN) of the business owner could be included.

B. Employee – The employee Standard Employee Identifier (SEID) and authenticated Active Directory session credentials are used for authentication.  Only access specifically allowed by an employee profile maintained within the system is allowed.

C. Audit Trail Information – BEFT keeps audit trails of all user queries performed on the system.  Information including the UserID, the query criteria, the Declaration Control Number (DCN) resulting from the query, and a date and timestamp of when the query was performed are tracked in these logs. 

D. Other – The BEFT system contains commercial bank routing numbers, bank names, bank employee contact names/phone numbers and bank addresses.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS – The BEFT system receives data from the FTD Mainline and from the Online (OL) Form 5081.

B. Taxpayer – The BEFT system does not directly collect taxpayer information.   Taxpayer data is obtained through an electronic data interchange capability with the FRB.  However, the information used by the BEFT system is mostly non-taxpayer monetary information.

C. Employee – The BEFT system does not receive data from the employee, but it does contain authorized employee access profiles.

D. Other Federal Agencies – The BEFT system receives some taxpayer entity information from the FRB, including the TIN, name and address of a taxpayer who filed a paper FTD when the FRB request a reversal action.

E. State and Local Agencies – The BEFT system does not receive data from State or Local Agencies.

F. Other Third Party Sources – The BEFT system receives data from commercial banks.  Commercial banks send the coupons that the taxpayer submits to the IRS with an Advice of Credit.  Commercial banks transmit deposit Advice of Credit information (total of deposit, deposit date, number of items, and pre-printed transmittal number) to the FRB, which is then transmitted to the IRS via Fedline.  Magnetic tape vendors create tapes for taxpayers who do not file a paper coupon.  This tape is taken in to post the credits to the taxpayer accounts.  The Advices of Credits are reported to the FRB in the same manner as with paper.  

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  The data are used to adjust and classify funds to be transmitted to the Department of the Treasury.

4. How will each data item be verified for accuracy, timeliness, and completeness?

All federal tax deposit information communicated between the BEFT system and the FRB via daily transmittals is verified by both the IRS and the FRB and must match on both sides or be retransmitted.

5. Is there another source for the data?  Explain how that source is or is not used.

No.  There is not another source for the data.

6. Generally, how will data be retrieved by the user? 

Data can be retrieved by voucher/adjustment action or by commercial bank or FRB identifiers.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

No.  Data cannot be retrieved by a personal identifier.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Users have access to the data assigned to their Submission Processing Center (SPC).  System Administrators (SA) have read/write access to the operating system to perform scheduled maintenance and other regular administrator duties.  Database Administrators (DBA) have read/write access to all application data to perform regular database maintenance duties.  The System Manager has read/write access to the user profile data and application control data. 

9. How is access to the data by a user determined and by whom? 

User access to the BEFT system is controlled by IRS Intranet system security enacted by Windows 2003 authentication and the firewalls.  Only designated IRS employees with BEFT accounts will have access to the BEFT system.

Approval for BEFT access is processed via the following OL5081 approval layers:

     -- Employee’s manager
     -- Security coordinator
     -- IRS headquarters approval to use BEFT
     -- MITS approval

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

The BEFT system does not use other IRS files or query other IRS databases.  The system receives fixed format data reports that may have been derived from other files and databases from other IRS SPC systems.

Those reports are placed in a directory on the SPC mainframe by those other systems, where the reports are available for FTP transfer to BEFT.  The content of those reports is identified in the following BEFT data file formats.

     -- FTD5506-001 (FRB-VERIFICATION-REC)
     -- FTD6105-001 (DAY-CLASSIFIED-RPT-REC)
     -- FTD9501-001 (FTD-VARIANCE-SYSTEM)

Only the FTD9501-001 (FTD-VARIANCE-SYSTEM) contains taxpayer information in that it has a four character name control (first four characters of last name) and the taxpayer EIN.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Not applicable.

12.  Will other agencies provide, receive, or share data in any form with this system?

Yes.  The FRB provide data to the BEFT system.  The BEFT system receives data from the FRB in the form of requests for information or as confirmations.  The content of those reports is identified in the following FRB data file formats:

     -- FRB Verification Data (TTLB Layout)
     -- FTDLIST (TTLC Layout)
     -- FTD5506 Verification Report (TTLC Layout)
     -- Daily Deposit Ticket (TTLF Layout)
     -- Voucher Confirmations-IRS Vouchers Processed Record (TTL1 Layout)
     -- Requests File-Request for Reversal Records (TTL6 Layout)
     -- Requests File-Request for Replacement Card Record (TTL6 Layout)

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

The retention periods vary from less than a year for payment to depository data to a few years for the vouchers and adjustments.  At the end of the retention period, clerks at each FTD site manually destroy the data (paper, diskette) via shredding.

     -- CBAF (Commercial Bank Address File) is destroyed when an updated listing has been received and verified to be accurate.
     -- FRB Verification List is destroyed 12 months after date of listing unless the Supervisory Auditor at the IRS campus requests that they be detained for a longer period.
     -- FTD Adjustment Action Requests destroyed 2 years after date of listing.
     -- Reversal and Replacement Requests destroyed 3 years after date of listing.
     -- Monthly Variance Reports destroyed 6 months after reports are produced.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. 

No.  The BEFT system is not using technology in a new way.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

No.  Although the BEFT database retains taxpayer information from data entered into the system, there is no capability for users to query the database for historical information on individual taxpayers or groups.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No.  The BEFT system is not a real-time online system and, therefore, incorporates no real-time monitoring capabilities.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  There is a minimum of taxpayer information on the BEFT system.  Information is only contained on the reversal requests, which are used to ensure that the taxpayer has the correct amount of credit.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The BEFT system does not negatively impact due process rights of taxpayers/employees.  The BEFT system balances and adjusts aggregate deposits by commercial banks; it is not used to make any decisions about taxpayers.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

Not applicable.  The BEFT system is not web-based.