Privacy Impact Assessment – Form 5472
Form 5472 Overview:
Form 5472 (Information Return of a Foreign Owned Corporation) contains information regarding financial and non-financial transactions of foreign corporations. This form feeds in to the Foreign Information System (FIS).
The Form 5472 application primarily perfects the data transcribed for the Foreign Information System into an acceptable format for use by Large and Midsize Business (LMSB). The source document is Information Return of a Foreign Owned Corporation (Form 5472).
This application handles identifiable taxpayer information and access is restricted to IRS personnel.
Systems of Records Notice(s):
Treasury/IRS 22.027-- Foreign Information System
Treasury/IRS 34.037-- IRS Audit Trail and Security Records System
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. Taxpayer:
The source document for the system is Form 5472- Information Return of a Foreign Owned Corporation. This form contains information regarding taxpayer financial and non-financial transactions of foreign corporations (e.g., asset information, monetary transactions).
The following main data elements are found within the Form 5472 application from the Form 5472:
* Corporation Name and address
* Employer Identification Number – (EIN)
* Country of Corporation
* U.S. Identifying Number
* Name and address of related parties (other stock holders)
* Taxpayer Identification Number (TIN)
B. Employee: None
C. Audit Trail:
A tail sheet is generated at the completion of a Form 5472 run. The tail sheet contains information on tapes used, a tally number of records input and output, start and stop time. The tail sheet is generated at the production scheduler’s console and discarded at the end of the Form 5472 run.
UNISYS is a MITS 23 system. MITS 23 follows the following audit functionality:
MITS-23 GSS records all privileged user (e.g., administrator) actions. The MITS-23 GSS auditing captures user log on/off activities. MITS-23 also performs auditing of access control mechanisms to include auditing system administrators and security administrators’ actions while logged onto the system in their respective administrator role or their user mode.
In addition, MITS-23 GSS auditing, at a minimum, includes the following activities: (1) audit options success or failure, (2) logins and logoffs, (3) unsuccessful authentication and authorization attempts, (4) service connection requests, (5) ftp connections, (6) privileged user connections and requests, (7) use of user rights, (8) user and group management, (9) security policy changes, (10) startup and shutdown, (11) file and object access, and (12) specific platform events.
The audit logs have critical event information (type of event, source of event, time and date of event, user accountable for event, file name) that is useful for identifying system intrusion detection and system forensics should an attack occur. MITS-23 GSS audit records and identifies the origin of the request (e.g., workstation ID, host IP address, terminal ID) for identification and authentication (I&A) events including logon, logoff, and password changes. Successful accesses to files containing taxpayer data and file related transactions are recorded and audited.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. Information can only be input into the Form 5472 system from a tape/disk that is generated by the Generalized Mainline Framework (GMF). There are no other means to enter data into the Form 5472 application.
B. None
C. None
D. None
E. None
F. None
3. Is each data item required for the business purpose of the system? Explain.
Yes, the Form 5472 application transcribes the Form 5472 information into an acceptable format for use by LMSB.
4. How will each data item be verified for accuracy, timeliness, and completeness?
The Form 5472 application executes once per week between August and January as determined by the program analyst. Once Form 5472 application receives input, the application provides an array of input validation to ensure the accuracy, completeness, and validity of data being entered into the application. Validation checks include record format, record content, and data consistency.
The system validates transmitted Form 5472. When the format or content of the Form 5472 is incorrect or the data is invalid, error indicators are set and those fields in error are displayed on error registers with the appropriate error code and type and are edited for correction.
5. Is there another source for the data? Explain how that source is or is not used.
No. Information can only be input into Form 5472 from a tape/disk that is generated by the GMF as mentioned previously. There is no other source of data for the Form 5472 system.
6. Generally, how will data be retrieved by the user?
Form 5472 resides on the UNISYS mainframe (i.e., MITS 23). In order to access the UNISYS mainframe, a user (for this system there are no direct “users”, only developers, transcribers, an Error Resolution staff, and an Operations staff) must first logon to the LAN with a valid UserID and password. After logging on to the LAN, the user will need to launch the appropriate windows front-end application and provide a valid Unisys UserID and password.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes. Form 5472 is a batch application and data (to include TIN and EIN) can be viewed by a “user” in any weekly batch reports, however, the data cannot be used as the criteria for a report.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Form 5472 is a batch application that has no direct users.
Those individuals that have access to the Form 5472 application are developers, transcribers (those individuals who key in the data from the tapes) and the error resolution staff. A fourth group, the Operations Staff, which includes System Administrators, Operators, and Schedulers has read-only access to the data in tape format.
Program Analysts have access to Form 5472 reports. These reports are provided to the Program Analysts by the developers for problem solving or system improvement.
There are no contractors acting on any part of the application.
9. How is access to the data by a user determined and by whom?
All new users requesting access to the Form 5472 application must do so through the OL5081 system. When a user has been approved for access to the application by his/her manager, the OL5081 system sends an email to the user, providing an approval notification.
Form 5472 is a batch application that has no direct users. Access to the Form 5472 application by developers, transcribers, and Operations staff as privileged users is controlled through the UNISYS mainframe GSS (MITS 23). These privileged users must go through the OL5081 process, as well as obtain manager approval prior to receiving access to the UNISYS and Form 5472. Privileges within the Form 5472 application are given on a role basis that correlate with “user” titles (e.g. transcribers, operations staff, etc.)
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
The Form 5472 application does not electronically connect with other applications and external sources.
The Form 5472 application manually receives GMF foreign corporation transaction information on tapes. All information is manually input.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
Yes, GMF pipeline has both credentials.
12. Will other agencies provide, receive, or share data in any form with this system?
No. Other agencies do not receive or share data with the Form 5472 application.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
The Form 5472 application does not generate removable digital media; however, it has the capability to generate printed reports. Only authorized data storage staff have access to printed and Automated Tape Loaders (ATL) or disk arrays associated with Form 5472.
After reports are generated, the data residing on tapes are erased. The tapes are then kept in the system for reuse.
IRM 1.15.23, Records Management, Records Control Schedule for Tax Administration – Examination, dated November 1, 2002 is the IRM guidance that is followed for the disposal of records.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15.
No. This system will not use technology in a new way.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
No. While registers or reports may pull from any data element in the system, the Form 5472 application does not identify individuals or groups.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. The Form 5472 is only a batch system and does not have monitoring capability.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain.
No. The Form 5472 is only a batch application and cannot be used to treat taxpayers or employees disparately.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Not applicable. This system is not used to make negative determinations.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
No. Form 5472 is not a web based application.
| 
