Electronic Fax (e-FAX) Milestone 4b/5 - Privacy Impact Assessment
PIA Approval Date: August 20, 2008
Requested Operational Date: December 31, 2007
E-Fax System Overview:
The e-Fax project is an enterprise solution chartered to replace most, if not all, paper-based facsimile machines across the enterprise. Electronic Fax is a server-based solution that allows incoming and outgoing transmissions without having someone attend to a facsimile machine. Facsimile files can be routed to an employee desktop via the Outlook client or viewed using the Internet Explorer browser on the fax server web client. During the Interim deployment phase, faxes can be queried based on originating fax number, the number called, and/or date and time delivered, and printing can be done selectively. e-FAX utilizes the Captaris Commercial Off the Shelf (COTS) product called RightFax to accomplish its business mission.
EN is currently developing an interim solution to meet selected Wage and Investment (W&I) customer inbound faxing requirements documented in specific Unified Work Requests (UWRs). W&I requested this early rollout to provide some control over the volume of faxes their frontline organizations anticipate for the 2008 tax filing season. The current architecture identifies server complexes located in MCC and TCC, providing receive-only capability and a repository where faxes can be viewed and controlled by users. Since most of these frontline organizations are in Campus locations, the virtual server environments are used to provide print servers for hard copy printing. The three W&I functional areas supported by the interim rollout are e-Help, Automated Underreporter (AUR) and Income Verification Express Service (IVES).
Systems of Records Notice (SORN):
Treasury/IRS 00.001--Correspondence Files (including Stakeholder Relationship files) and Correspondence Control Files
Treasury/IRS 34.037-- IRS Audit Trail and Security Records System
Treasury/IRS 36.003-- General Personnel Records
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. e-FAX receives facsimiles which come in the form of picture files. No data is parsed or extracted from the fax files. Possible information could include (but is not limited to) taxpayer information in the form of signature documents, tax returns, and income verification requests. In addition, the originating fax number from the taxpayer or preparer is captured. W&I Business Units, AUR, e-Help and IVES combined receive approximately 49,963 faxes per day from taxpayers and preparers during peak periods.
B. e-FAX will maintain employee SEID information in the activity logs to track audit trails on fax activity.
C. e-FAX provides each fax with an audit trail. This captures all metadata associated with receiving the fax (i.e., number dialled, date/time, etc.) as well as any action that happened to the fax (i.e., accessed, viewed, printed, etc.), including the employee's SEID, date/time, etc. (see item B above).
D. Tax Examiners are assigned a unique fax number, which is captured in the system and aligned with the employee SEID for delivery via the Outlook email service.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
B. e-FAX only collects the telephone number that the file was sent to and from as well as the time it was delivered via an audit stamp. The documents contain images (TIFF format) of requested documentation, i.e., receipts, birth certificates, authorization signatures, etc.; however, the system does not extract and cannot decipher the contents of the fax. The only data elements that are collected and managed by the system are the metadata associated with the fax, including date/time, telephone number, etc.
C. e-FAX will obtain employee SEID information from Active Directory. The SEIDs are used to track fax activity and audit trails.
3. Is each data item required for the business purpose of the system? Explain.
Yes – A record of the originating (sending) phone number and the SEID of the employee are required to comply with mandated security requirements. In addition, the inbound fax number is used for routing faxes; that, along with the date/time it was delivered and the originating telephone number, allows the employee to query the system on any of these fields.
4. How will each data item be verified for accuracy, timeliness, and completeness?
Verification of timeliness and completeness of taxpayer faxes is done by the RightFax COTS product. Nothing specific is done by the e-FAX Interim Solution. The SEID is verified by Active Directory synchronizations.
5. Is there another source for the data? Explain how that source is or is not used. No.
6. Generally, how will data be retrieved by the user?
Users with unique fax numbers (IRS Tax Examiners) receive an email notification when a new fax is received with an embedded link to the fax. The user then logs into the e-FAX Interim Solution and can view/print/download their fax from their screen. The interface to e-Fax is via a web client and access control is through Active Directory authentication.
Faxes that are sent to ‘group’ or ‘bulk’ fax numbers are generally systemically printed; if manual printing is needed, clerical employees with delegate permissions log into the e-Fax system via the web browser. These users have been approved by management via OL5081s, have been allowed delegate permissions for their specific group box by the System Administrators, and are authenticated via Active Directory. They only have access to the specific faxbox for their group.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes, the data is retrievable by querying the originating fax number; however multiple taxpayers may have access to that same fax machine/phone number so it cannot be linked to specific names or Social Security numbers.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
End User Profile / IRS employee
Will have access to query, view and reprint if needed. Users will not have the ability to delete faxes.
Access control is provided by Active Directory, ensuring that only users that have been approved via OL5081 have access to the system. There is an Active Directory synchronization every 3 hours to update users’ status/permissions. Employees with unique fax numbers only have access to their individual fax box. Employees needing access to bulk fax boxes have been provided access via delegate permissions on the RightFax system; these employees are granted access to the bulk folder for their group to perform clerical functions (not to work cases) and have been reminded of UNAX guidelines via the e-Fax training.
System Administrator / Limited Access
Will have access to run reports, see system errors and setup end user profiles.
9. How is access to the data by a user determined and by whom?
OL5081 through the approval process provides access to the application. This includes manager and business unit approval. Also the RightFax system administrators control permissions to the system. Users are IRS employees only; no contractors have access.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12. No.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? N/A.
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
e-Fax is a service provider for the Business Unit and only maintains temporary electronic copies of faxes for use by the Business Unit as needed. The electronic ‘non-record’ versions of the fax are purged systemically after thirty days using existing RightFax system configuration options based on machine-assigned file date. It is triggered on the date the file is first opened or printed by the Business Unit (whichever is earlier). The thirty-day period was requested by the business to allow them ample time to query and reprint the fax if needed.
The printed fax document is the official recordkeeping copy for retention purposes. The Business Unit will follow mandatory disposition instructions under Internal Revenue Manual 1.15.29 for the maintenance and destruction of the various types of hardcopy documentation.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action? N/A
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
No. The e-FAX system is an internal website and no cookies or tracking devices are used.