Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Business Master File Case Creation Nonfiler Identification Process (BMF CCNIP)

 

Privacy Impact Assessment

BMF CCNIP System Overview:

BMF CCNIP will establish a database to use existing business intelligence in the form of Master File, Information Returns Master File and Payer Master File data to identify, prioritize, and select BMF nonfiler inventory.

System of Records Number(s) (SORN) #:

Treas/IRS 22.061 Individual Returns Masterfile
Treas/IRS 24.046 CADE Business  Masterfile

Data in the System

  1. Describe the information (data elements and fields) available in the system in the following categories:

    1. Taxpayer - TIN, Tax Period, MFT, Filing Requirements, Prepayments, etc. will be built into the mainframe level system. Only aggregate data via reports will be accessible by employees.
    2. Employee - N/A
    3. Audit Trail Information (including employee log-in info) - The audit logs have critical event information (type of event, source of event, time and date of event, user accountable for event) that is useful for identifying system intrusion detection and system forensics should an attack occur. Logs are regularly reviewed
    4. Other (Describe) - N/A

  2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

    1. IRS - All data is compiled from existing data in IRS files.
    2. Taxpayer - Same as A. above
    3. Employee - N/A
    4. Other Federal Agencies (List agency) - N/A
    5. State and Local Agencies (List agency) - N/A
    6. Other third party sources (Describe) - N/A

  3. Is each data item required for the business purpose of the system?  Explain.

    Yes, the data items are required to identify business nonfilers and select them for the return delinquency notice process.

  4. How will each data item be verified for accuracy, timeliness, and completeness?

    Utilities will be run to verify files were transferred correctly and in their entirety. MITS will incorporate Systems Acceptability Testing (SAT) procedures to ensure the data are accurate.

  5. Is there another source for the data?  Explain how that source is or is not used.  No

  6. Generally, how will data be retrieved by the user?

    The system feeds data into the Business Masterfile (BMF) systemically. User access is limited to aggregated reports, i.e. volumes, statuses, resolutions, etc.

  7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?

    The system feeds data into the Business Masterfile (BMF) systemically. User access is limited to aggregated reports, i.e. volumes, statuses, resolutions, etc.

    Access to the Data

  8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

    Analysts and managers will have access to aggregated data via reports.  System administrators, programmers, developers will have access to the entire system and data.

  9. How is access to the data by a user determined and by whom?

    Management will determine the access. However, user access is limited to aggregated data the user is required to be granted access through the OL5081 process and the user’s manager must sign for the user’s access.

  10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.  No

  11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

  12. Will other agencies provide, receive, or share data in any form with this system?  No


    Administrative Controls of Data

  13. What are the procedures for eliminating the data at the end of the retention period?
     
    This system will retain and dispose of its data according to IRM 1.15.31 – Records can be destroyed after 1 year and must be archived after 5 years Utilities are run to systemically purge any data retained at the expiration of the applicable retention period.

  14. Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.

    Yes – The system will use Information Returns Processing (IRP) and Payer Master file (PMF) to assist with the identification and selection of Business Nonfiler Inventory. 

  15. Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No

  16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No

  17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No

  18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  Yes

  19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? System is not web-based.


 


Page Last Reviewed or Updated: November 30, 2007