Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Modernized Internet Employer Identification Number (Mod IEIN), Rel. 7.5 Milestone 4 & 5 - Privacy Impact Assessment

 

PIA Approval Date: November 7, 2007

Mod IEIN System Overview:

Modernized Internet Employer Identification Number (Mod IEIN) is part of the Integrated Customer Communications Environment Web Applications (ICCE Web Apps).  Mod IEIN will help taxpayers, businesses, and their representatives complete the application for Employer Identification Number (EIN), Form SS-4, using a new interactive system which asks questions tailored to the type of entity the taxpayer is establishing.  By providing full automation of the back-end processing of EIN assignment, the applet will eliminate the assignment of “provisional” EINs, resulting in improved ease of receiving valid and ready-to-use EINs.  The Mod IEIN applet will also improve overall processing accuracy and timeliness, additionally allowing IRS telephone assistors to devote time to more productive activities.  Eventually, over 90% of taxpayers who qualify for an EIN will be able to secure EIN approval and initiation via IRS.gov. 

Systems of Records Notice (SORN):
 
IRS 24.046 – Business Master File
IRS 34.027 – IRS Audit Trail and Security Records System

Data in the System

  1. Describe the information (data elements and fields) available in the system in the following categories:

    1. Taxpayer data contained in the system is listed below:

      • Entity Type (e.g., sole proprietor, partnerships, corporations, Limited Liability Company, estate, withholding agent, household employer, political organization, receivership)
      • A Limited Liability Company Check
      • A Reason for Applying
      • Name (Company Name or First/Middle/Last/Suffix)
      • Social Security Number (SSN)/Individual Taxpayer Identification Number (ITIN)/Employer Identification Number (EIN)
      • Third Party Designee Check ( If the person completing the application is a third party acting on behalf of the taxpayer, we can't provide the 3rd party with the online notice.  Therefore, we determine if the person is the actual taxpayer or a 3rd party to determine what actions to take when we assign the EIN. Name of Third Party Designee (if applicable) (First/Middle/Last/Suffix)
      • "Care Of" Name (Used in the event the taxpayer would like his/her mail addressed to a different person/business, such as a secretary or office manager.)
      • Physical Location
        • Street
        • City
        • State/US Territory
        • Zip Code
        • Phone Number
      • Mailing Address (if applicable)
        • Street
        • City
        • State/US Territory
        • Country
        • Zip Code
      • Third Party Designee Address (if applicable)
        • Street
        • City
        • State/US Territory
        • Zip Code
        • Phone Number
      • Legal Name
      • Trade Name (Used by companies who advertise their business name as something different than their legal name.
      • County where business is located
      • State where business is located/incorporated
      • Date Business Started/Acquired or Date of Death
      • Closing Month of Accounting Year
      • Principal Business Activity (A business activity represents tangible goods, such as automobiles.)
      • Principal Service Activity (a service activity represents intangibles, such as consulting.)
      • Employee Hired Check
      • Employee Information on employees that receive W2s (rather than 1099s) (if applicable)
        • Wages Paid Date
        • Number of Agricultural Employees
        • Number of Household
        • Employees (only for certain types)
        • Number of Other Employees
        • Employment Tax Liability Information
      • Number of Members in Limited Liability Company (LLC)
      • Corporation or Sub Chapter S Check (Corporations have the option to be classified as a regular corporation or a Sub Chapter S corporation (S-Corp). If a company wants to be an S-Corp, they must file a form requesting this classification, which we tell them about if we determine they want to be an S-Corp. This check is used to determine if we need to provide them with the S-Corp information.
      • Alcohol, tobacco, and firearms check, which is required to determine if the Tax & Trade Bureau (TTB) needs to be notified of the applicant's business being established. If an applicant answers "Yes" to the "Alcohol, tobacco, and firearms" question, the applicant's information is written to a file that is sent to the TTB once a month. This emulates what is currently done in the manual environment whereas an actual copy of the Form SS-4 that the taxpayer submitted is mailed to the TTB.
      • EIN Confirmation Letter Delivery preference
      • Survey Question Inputs (Every 25th customer will be offered a survey to provide the IRS with feedback on how they feel about the online application. This data will not identify users and will only be used to enhance the application in future releases.)
      • Trustee business name/trustee individual name
      • Type of real estate investment trust (mortgage or equity)

    2. No IRS employee data is required in the Mod IEIN application because IRS employees will not use the Mod IEIN application to process EIN requests. IRS employees will continue to process EIN requests that come via fax, phone, or mail using the IDRS command code ESIGN as opposed to using the Mod IEIN application.

    3. Additionally, Mod IEIN audit data is captured by the Security Audit and Analysis System (SAAS). Audit trail logging for the applet is sent to SAAS via Application Messaging and Data Access Services (AMDAS) for each transaction that reaches the back-end. The audit data captured is listed above in question 1A, with the exception of the Survey Question Inputs.

      The SSN and name of the taxpayer are required as part of the authentication process and cannot be substituted by another data field to identify the customer.  The information is captured for audit trail purposes. Even though a ready-to-use EIN is being issued, the IRS still needs to have the ability to have audit trails for future reference if necessary. These are for internal use and are closely guarded. They are only available to IRS employees who follow the proper procedures to gain access to them, which is by going through the OL5081 process. A manager must approve the OL5081 request and then an administrator will grant the access.

  2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

    1. IRS - EIN Research & Assignment System (ERAS) is the only IRS system/source that communicates directly with Mod IEIN. Mod IEIN via the ESIGN command code sends information to ERAS, which has the same data fields as Mod IEIN since all of the information from Mod IEIN is sent to ERAS. Mod IEIN sends the data elements listed above in question 1A. The EISGN command code is the IDRS command code used to input EIN application information into so an EIN can be assigned. No other systems communicate with Mod IEIN, directly or indirectly.

    2. Taxpayer - The taxpayer provides all the applicable information listed in section 1A, if they are completing Form SS-4. (Form SS-4 (Application for Employer Identification Number) is the paper form used by taxpayers to request an EIN. The Mod IEIN application gathers the information that would otherwise be submitted on a Form SS-4 if a taxpayer filled one out and faxed or mailed it in.

    3. Employee - Employees do not provide information to the Mod IEIN application.  As such, the Modernized IEIN system will not obtain any data from employees.

    4. Other Federal Agencies (List agency) - No other federal agencies provide data to Mod IEIN.

    5. State and Local Agencies (List agency) - The existing "ONE-STOP" system and the taxpayers in "participating" ONE-STOP State Taxing Authorities (STAs) are affected. STAs include those states which have a Memorandum of Agreement (MOA) with the IRS. ONE-STOP is an existing program that passes tax information from a specific US State's Website to Mod IEIN. Taxpayers registering in their state for a State Tax Identification Number in "participating" STAs (i.e., those who have a MOA with the IRS) have the capability to get a Federal EIN by electing to partially pre-populate an SS-4 by an XML (Extensible Markup Language) message over HTTP (Hypertext Transfer Protocol) via IRS.gov/Mod IEIN.  No data is stored or permanently written to a database; information is merely passed from the State Website to IRS.gov.  Mod IEIN validates the information and then issues a valid EIN directly to the taxpayer in the same session.

      NOTE: At the current time, only two US States (Georgia and New York) are offering "ONE-STOP". All 50 states will have the option to join the ONE-STOP program.
    6. Other third party sources (Describe) - None

  3. Is each data item required for the business purpose of the system? Explain.

    Yes. To ensure proper assignment and verification, all fields relative to the type of entity being established must be completed.  The Mod IEIN application only asks for relevant information for the specific entity type the taxpayer is applying for. So, depending on the entity type and how the applicant answers various questions, he/she will only be asked to enter information that is relevant and needed to establish the entity.

  4. How will each data item be verified for accuracy, timeliness, and completeness?

    This validation process will verify the accuracy and completeness of the information versus the business rules. If the information matches IRS records and no duplicate EIN exists, the record will post to IDRS immediately.  If the information does not match IRS records, the record will reject back to the taxpayer for correction and re-submission.  If the taxpayer cannot correct the information within three attempts, he/she will be given an error page and their session will end. He/she will then have to start the online process again to be able to submit the application.

    Addresses are verified using the Integrated Customer Communications Environment (ICCE) Finalist interface, an approved USPS system. However, Finalist is only used in order to change addresses into the USPS approved format (i.e. A nine digit zip code instead of just five). 

    Only accepting those applications that pass all validation checks and forcing the taxpayer to provide correct information up-front guarantees 100% automation, accuracy, timeliness, and completeness.

  5. Is there another source for the data?  Explain how that source is or is not used. 

    Yes - In addition to using the Internet EIN application, taxpayers have the option of submitting the SS-4 application for an EIN through fax, mail, or telephone.

    Information collected on SS-4 applications from other channels such as paper, fax, or phone submission, is the same as what is collected through the internet.  Applications received through these channels will continue to be processed manually.

  6. Generally, how will data be retrieved by the user?

    Taxpayer - Once the taxpayer submits his/her information (refer to inputs from 1A) on the Mod IEIN system and that information passes the up-front validity checks, the taxpayer will receive either a successfully generated EIN or an error message, which reads “The information you have entered does not match IRS records.”  The applicant will be able to view the information screen by screen, but will not be allowed to change the information on most of the screens once he/she advances to the next screen.  However, a summary page will be shown with the information entered, but the taxpayer will not be able to make changes unless they start the process over. 

    IRS Employee - Once the taxpayer submits his/her information on the Mod IEIN system and the information passes the up-front validity checks, the information will then run through the backend validation process and post automatically, provided all the information matches IRS records.  If the information does not match IRS records, it will be rejected back to the taxpayer for correction and re-submission. 

  7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?

    No for taxpayers.  Taxpayers will not be able to retrieve their data once they’ve submitted it.  The only way for an individual to change his/her application data once it’s been processed is to submit a request in writing (see question 18 for more details on due process).

    No for IRS employees.  Data is not retrievable from Mod IEIN by a personal identifier such as name, SSN, or other unique identifier since Mod IEIN is not a database.

    Access to the Data

  8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

    Internal Employees – System Administrators, Database Administrators, Managers, and Tax Examiners, as part of their official duties.

    Contractors, including Developers, will not have direct access to the Mod IEIN production system or database.  Only IRS System Administrators will have access to the production environment.  However, Developers are available to help System Administrators troubleshoot technology problems.  In these cases, the System Administrator will provide the necessary information to the Developer so he/she can assist with the problem, which is considered indirect access since the System Administrator will provide the Developer with the necessary information as opposed to the Developer being able to access it directly.

    External Users – Individual taxpayers will not have access to any back-end data (i.e., data in the IDRS Master File).

  9. How is access to the data by a user determined and by whom?

    The data on the Mod IEIN authentication database will only be available to System Administrators (SAs) and Database Administrators (DBAs).  Access to this data is determined by business need and is requested via the OL-5081 system.  The SAs and DBAs will first receive approval to access the data by their manager and then the OL-5081 is approved by the business owner or designee per IRS policy.  The System Administrators will determine if a Developer or other outside user needs to gain access to the data. 

  10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

    Yes. ERAS receives data from Mod IEIN via the ESIGN command code.

  11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

    Yes.

    IDRS/ERAS:

    • Certification and Accreditation approved on May 18, 2006, expiring on May 18, 2009.

    • Privacy Impact Assessment approved on  April 12, 2005, expiring on April 12, 2008


  12. Will other agencies provide, receive, or share data in any form with this system?

    Yes - Tobacco and Trade Bureau (TTB) will receive pertinent information (EIN assigned, legal name of the entity, street address, city, state, zip, telephone number, entity type, and date EIN assigned) from the online application for all companies who indicate that they sell or work with alcohol, tobacco, firearms, or imported perfumes in some capacity. Internal Revenue Code (IRC) 6103(h)(1) authorizes IRS to provide this information to TTB to conduct its tax administration duties.

    This process currently takes place for all paper forms and IEIN Current Production Environment (CPE) forms that are received.  Mod IEIN will continue to provide the pertinent information in an electronic format.  For TTB, the Mod IEIN system will create a file each month and systemically email it to the business owner.  The business owner will then use WinZip to encrypt the file and password-protect it.  The encrypted file will then be emailed to the TTB contact.

    Treasury Inspector General for Tax Administration (TIGTA) and Government Accountability Office (GAO) have audit authority, which allows them to conduct audits of Mod EIN information or the system itself at any time.  Therefore, they will be allowed access to Mod IEIN or its data, provided they follow the necessary steps to obtain the information.  However, no information is automatically generated or delivered to either Agency. 

    Administrative Controls of Data

  13. What are the procedures for eliminating the data at the end of the retention period?

    All data will be retained in accordance with Internal Revenue Manual (IRM) 1.15.29.1 (Item 70).  Data submitted on individual applications will not be retained for any period of time in Mod IEIN; the information will post directly to IDRS.  The IRS will provide, store, and catalog the assignment of EINs posted to the Master File via ERAS.  The Master File is the location where EIN information is permanently stored for IRS record-keeping.

  14. Will this system use technology in a new way? If "YES" describe.  If "NO" go to Question 15.

    No. Mod IEIN will not use technology in a new way.

  15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.

    Yes.  The sharing of information with the TTB regarding companies whose business involves alcohol, tobacco, firearms, or imported perfume (since many perfumes contain ethyl alcohol) may be considered the identification or monitoring of individuals/groups.  The taxpayer willingly and openly supplies information on his/her business as part of receiving the EIN by checking "yes" or "no" to a series of questions regarding involvement in the above mentioned business activities. 

    If he/she indicates that his/her business is involved in the sale, purchase, or trade of the above mentioned items, a record of the application will be copied to a file that will be encrypted and password protected using WinZip and then emailed to a TTB contact on a monthly basis. 

  16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

    No.  The IRS will not monitor individuals or groups based on the TTB criteria described in item 15 (see above). The IRS will simply create a file that notifies TTB of taxpayers involved in the above mentioned activities. Once the file is retrieved by TTB, it is deleted.  No one from the IRS will have access to the file in the future or have the ability to place internal controls on the account.

  17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

    Yes. Applicants who indicate that they deal with tobacco, alcohol, firearms, or imported perfumes are reported to the Tax & Trade Bureau (TTB), which is a bureau of the Department of Treasury. Although the IRS does not flag these applicants' accounts internally, a file is created that contains information about the applicant (see question 12 for specific fields) and is sent to a TTB contact on a monthly basis.

  18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

    No. The system will not accept unworkable submissions.  Please refer to item 4 for further detail.

    If a user submits an application with incorrect information and that application is processed, the taxpayer will need to request the information be changed by submitting the request in writing.  Once the EIN is assigned, a page will be displayed that has a section that reads “If changes need to be made to your organization’s information, you must do so in writing and mail the information to the address provided on the IRS.gov web site.

  19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

    No. The system only uses “session-only” cookies.  The session cookie is destroyed when the user terminates his/her web browser client; logs out of the application; or when the session timeout period has elapsed due to inactivity (20 minutes), whichever occurs first.
 


Page Last Reviewed or Updated: January 17, 2008