Examination Desktop Support System (EDSS)
Privacy Impact Assessment - Examination Desktop Support System (EDSS) Reports Generation Software
EDSS System Overview
The Examination Desktop Support System (EDSS) project will optimize and extend the functionality of the existing Reports Generation System (RGS). RGS is an IRS Major Application (MA) consisting of a group of programs running on Microsoft New Technology (NT) Servers and NT workstations. RGS was developed and is maintained by personnel at the Dallas Development Site (DDS) using automation technology to support the examination process. RGS allows key steps involving complex tax calculations to be accomplished more accurately and efficiently through the use of automation. RGS is used for preparing examination reports, performing complex tax and interest related computations, producing correspondence and work papers, and completing case closing documents. It also provides access to Return Transaction File (RTF) data for cases that are being audited and allows the automated closure of cases on the Audit Information Management System (AIMS). RGS is used by revenue agents, tax auditors, and tax examiners in all four operating divisions as well as in appeals, collections, and international functions. It is installed at selected IRS Service Center (SC) Campuses and Area Offices (AOs). Release 1 of EDSS will not change any of the above; however, it is anticipated that EDSS will operate in a limited environment located at one of the IRS Service Center Campuses.
I. DATA IN THE SYSTEM
1. Generally describe the information to be used in each of the following categories: Taxpayer, Employee, and Other.
The EDSS contains individual taxpayer data extracted from the Master File and contained in the RTF. This data requires protection under the provisions of the Privacy Act of 1974 (as amended). Privacy information in data fields includes:
* Taxpayer Name
* Taxpayer Address
* Taxpayer Social Security Number (SSN)
* Employer Identification Number (EIN) [If assigned]
Note: A TIN is a SSN (Individual) or an EIN (Business).
The EDSS host platform is run on servers with the XXXXX XXXXX XXXXX XXXXX XXXX XXX, employee information requiring protection under the Privacy Act of 1974. This information includes:
* Employee Work Location
* Employee Phone Number
The EDSS does not contain other categories of information requiring protection from unauthorized or unintentional disclosure, modification, or destruction.
2. What are the sources of the information in the system?
a. What IRS files and databases are used?
EDSS is used for preparing examination reports, performing complex tax and interest related computations, producing correspondence and work papers, and completing case closing documents. It utilizes an extract from the Master File consisting of taxpayer information from individual IRS forms 1040. The EDSS uses the Return Transaction File (RTF) data for cases that are being audited and allows the automated closure of cases on the AIMS.
b. What Federal Agencies are providing data for use in the system? None. See Section I.2.a above.
c. What State and Local Agencies are providing data for use in the system? None.
d. From what other third party sources will data be collected?
The EDSS does not (by itself) obtain information from other third-party sources.
e. What information will be collected from the taxpayer/employee?
No additional information will be collected from taxpayers.
Employee information collected from the IRS Form 5081 is used to grant access to the EDSS. This information includes:
* Employee’s Social Security Number
* Employee’s Work Location
3. a. How will data collected from sources other than IRS records and the taxpayer be verified for accuracy?
Not applicable. The EDSS does not collect data from sources other than IRS records.
b. How will data be checked for completeness?
The Master File extract and the RTF are checked for completeness by SC personnel.
The employee’s manager is responsible for checking the completeness of the IRS Form 5081.
c. Is the data current? How do you know?
The Master File extract and the RTF files used are for the year(s) under review. Currency checks are accomplished by SC personnel.
The employee’s manager is responsible for checking the completeness of the IRS Form 5081.
4. Are the data elements described in detail and documented? If yes, what is the name of the document?
Yes. The EDSS Section within the DDS Data Dictionary maintains a complete record of all data elements applicable to the EDSS. Documentation is maintained in the “DATA-ELEMENTS\ENTITY-LINE1-NUM.DOC” file on the EDSS web page.
II. ACCESS TO THE DATA
1. Who will have access to the data in the system (Users, Managers, System Administrators (SAs), Developers, and Other)?
EDSS System Administrators (SAs)
EDSS Development Team (DDS only)
2. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?
Access to the host site LAN, Host Server, and the EDSS is established through use of the IRS Form 5081.
Each employee must be granted access to the site LAN and EDSS in writing. Specific permissions (Read, Write, Modify, Delete, Print) are defined on the 5081 form and set (activated) by the SA prior to the employee being allowed network and EDSS access. The IRS Form 5081 is maintained on file with the SA.
The provisions of Internal Revenue Code Section 6103 are applied by the EDSS Project Office Staff in the assignment of individual and group permissions.
3. Will users have access to all data on the system or will the user’s access be restricted? Explain.
EDSS access is restricted as detailed below:
EDSS SAs have full access to the application and data.
EDSS Managers have full access and permissions to the specific area of the EDSS assigned to their group. They may assign work to their assigned Users and Clerks ONLY.
EDSS Clerks have access limited to files/records within their group (Assigned by the Group Manager).
EDSS Developers have access to identified system and application controls necessary to develop, modify, delete, change and test applications at the XXXXX XXXX XXXX.
EDSS Users have access permissions to individual work assignments. Work assignments are made by the Group Manager.
The EDSS and the NT System host platforms, network controls and permissions are set to support EDSS. The EDSS database on the host servers and RTF servers is partitioned and access is controlled via permission sets on the IRS Form 5081. User access is restricted to the partition assigned to their specific Group.
4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?
The NT Servers Operating System discretionary access controls are set to control access to the EDSS. The EDSS controls access within the application according to present application controls for the groups and permissions detailed above. The NT Audit Trail tracks the actions of all users who access the EDSS. The EDSS system log monitors all actions of individual users within the EDSS. Audit trail and system logs are reviewed periodically by the SA and Site Security Administrator.
The provisions of Internal Revenue Code 6103 are applied by the EDSS Project Office staff in the assignment of individual and group permissions.
In addition, all IRS personnel receive annual training on the Taxpayer Browsing Protection Act of 1997 (UNAX) and certify completion of the annual UNAX awareness briefing by signature and supervisory acknowledgement.
5. a. Do other systems share data or have access to data in this system? If yes, explain.
The EDSS (in the LAN Mode) is accessed by logging on to the site LAN then logging in to the EDSS.
The EDSS receives a RTF via file transfer protocol (FTP). Designated Managers/Clerks may provide an update of closed case files to AIMS via the Integrated Data Retrieval System (IDRS) for cases that are being audited, which allows the automated closure of cases in AIMS.
b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?
The EDSS SAs and assigned Managers/Clerks at the host sites.
6. a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)? No.
b. How will the data be used by the Agency? Not Applicable.
c. Who is responsible for assuring proper use of the data? Not Applicable.
d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?
The provisions of Internal Revenue Code 6103 are applied by the Project Office staff in the assignment of individual and group permissions.
III. ATTRIBUTES OF THE DATA
1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed? Yes.
2. a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected? No.
b. Will the new data be placed in the individual’s record (taxpayer or employee)? No.
c. Can the system make determinations about taxpayers or employees that would not be possible without the new data? No.
d. How will the new data be verified for relevance and accuracy?
Not Applicable. The EDSS does not derive new data nor create previously unavailable data.
3. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?
Not Applicable. The EDSS does not consolidate data nor create previously unavailable data.
4. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
Not Applicable. The EDSS does not consolidate data nor create previously unavailable data.
5. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.
Data retrieval within the EDSS is dependent on the EDSS Group Manager at each site assigning cases to individual users or to clerks within their group. EDSS access is limited to those IRS employees previously granted access to the EDSS via the IRS Form 5081.
a. Consolidation and linkage of files and systems;
The EDSS is linked via FTP to Master File information XXXXX XXXXX XXXXX XXXXX. The RTF extract from the Master File is site-specific and is only accessible by the designated site and its designated groups. AIMS upload connectivity is through the IDRS connection and complies with IDRS access and security procedures.
b. Derivation of data; Not Applicable.
c. Accelerated information processing and decision making;
The EDSS provides accelerated information processing by allowing key steps involving complex tax calculations to be accomplished more accurately and efficiently through the use of automation. EDSS is used for preparing examination reports, performing complex tax and interest related computations, producing correspondence and work papers, and completing case closing documents.
d. Use of new technologies.
The migration of EDSS to NT systems enhances IRS productivity and exploitation of emerging technologies. EDSS will operate in the current OS of Microsoft Windows available via the COE.
5. How are the effects to be mitigated? Not Applicable.
IV. MAINTENANCE OF ADMINISTRATIVE CONTROLS
1. a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.
The host NT System Audit Trail and Security Records and the EDSS system logs provide for individual accountability and responsibility in the protection of taxpayer and employee information. The EDSS Managers are responsible for the equitable treatment of taxpayers within the jurisdiction of the group. The EDSS SAs and Security Administrators (Functional Security Coordinators) are responsible for reviewing security records to ensure equitable treatment of employees associated with the EDSS.
b. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?
The EDSS Configuration Management Plan (CMP) provides instructions and procedures to maintain the system at the selected SCs and AOs.
c. Explain any possibility of disparate treatment of individuals or groups. Not Applicable.
2. a. What are the retention periods of data in this system?
Taxpayer case file information is archived and maintained in accordance with IRS requirements. Audit trails are maintained as archived data according to IRS requirements.
b. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?
The closed case files are forwarded to the AIMS and are maintained according to the procedures established within AIMS.
The NT Audit Trail is written to file and is archived. Procedural information is contained in the “Operation Guide” and the NT System’s Trusted Facility Manual (TFM).
c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
The EDSS Design Section within the DDS MCC is responsible for documenting the procedures to ensure that EDSS data requirements are accurate, relevant, timely and complete.
3. a. Is the system using technologies in ways that the IRS has not previously employed (e.g. Caller-ID)? No.
b. How does the use of this technology affect taxpayer/employee privacy?
Not Applicable to taxpayer or employee privacy.
4. a. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
Yes. The EDSS identifies taxpayers through the use of the individual’s Name or TIN.
The NT System Audit Trail will monitor the actions of assigned users at the server through the use of the User Identification (USERID) function.
b. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.
Yes. The NT Server’s OS will monitor (through the Audit Trail) the actions of EDSS users in accessing the EDSS. The EDSS System Log will monitor the specific actions of individual users within the EDSS application.
What controls will be used to prevent unauthorized monitoring?
The EDSS protects data internally to the EDSS by assigning system attributes and resources to pre-defined user groups. The action of each user can be monitored by the system log (audit functions). Host platform Audit trails monitoring access to the EDSS are reviewed by Security Administrators (Functional Security Coordinators).
In addition, all IRS personnel receive annual training on the Taxpayer Browsing Protection Act of 1997 (UNAX) and certify completion of annual UNAX awareness briefing by signature and supervisory acknowledgement.
5. a. Under which System of Record (SOR) Notice does the system operate? Provide number and name.
Treasury/IRS 22.061, Individual Return Master File (IRMF)
Treasury/IRS 36.003, General Personnel and Payroll Records
Treasury/IRS 34.037, IRS Audit Trail and Security Records System
Treasury/IRS 42.001, Examination Administrative File
Treasury/IRS 42.008, Audit Information Management System (AIMS)
b. If the system is being modified, will the SOR require amendment or revision? Explain. No.