This section describes the requirements for:

The appropriate Manager/Director must approve all CIPs and extensions. (See IRM 4.17.4, Procedures, for complete Approval Process Procedures.)

CIPs must be approved before compliance contacts are made, that is, before taxpayers are contacted by any means as part of a compliance initiative including, but not limited to, taxpayer education, research, examination or collection activity. CIP approval is required whether or not an Audit Technique Guide (ATG) exists.

Valuable information may be obtained from existing data or similar projects. Research should be conducted to determine whether such data or projects exist. If so, document the Background and Objectives section of the authorization request. Some sources of information on other projects are:

If useful data exists, the coordinator should determine if it is available.

If a similar project is identified, the coordinator should consider its methodology, and results, if available, to determine how or if appropriate to proceed with the proposed project.

It is essential that the Service know what taxpayer data it has, who has it, who is authorized to use it, how it is being used, and how it is being safeguarded. To ensure these controls, all external taxpayer specific data not related to cases being worked by an examination or collection function as part of routine business operation will be controlled by the project coordinator.

Data can only be used for approved purposes. If new uses are developed for data already acquired, a separate authorization must be obtained prior to beginning the new use. Approval, if appropriate, must also be obtained from the data source.

The SB/SE PSP Territory Manager/Workload Planning & Analysis Program Manager/SRPP function for LMSB will conduct an annual CIP operational review. Other compliance employees may be asked to assist. The objectives of the review are to evaluate:

Any issues identified or actions taken as a result of the review should be discussed with the PSP Support Territory Manager (or equivalent) and a copy of the results of the review should be shared with the appropriate HQ Director responsible for Workload Selection and Delivery.

The disclosure officer will, as part of the normal quality review of functions, evaluate the controls on third party return information used for CIPs and provide a written report to the PSP Territory Manager/Workload Planning & Analysis Program Manager and to the LMSB Operations Support Manager.

Disclosure officers will, at a minimum, address the following questions during quality reviews:

The Privacy Act of 1974 provides the legal basis for limiting the actions of federal agencies in order to protect the privacy of individuals. Section 6103 of the Internal Revenue Code provides for the protection as well as release of return or return information.

Only the minimum data required to accomplish a task should be acquired. The data must be appropriate, relevant, and necessary for the project. It must be protected against unauthorized disclosure and disposed of appropriately after it is has been used for its intended purpose. IRM 11.3, Disclosure of Official Information, contains additional information.

Physical controls required by IRM 1.16, Physical Security Program, must be used to protect taxpayer information. Additional information may be found in IRM 30.9, Security.

All computer systems containing taxpayer information must adhere to the Computer Security Act of 1987 and to the requirements of IRM 25.10, Information Technology Security Policy and Standards.