International Passport Office Program
Privacy Impact Assessment – International Passport Office Program
IPOP System Overview:
The IPOP database is used to monitor passports that are maintained for IRS employees. Information monitored in IPOP includes passport number, issue date, expiration date, leave/return dates of employees on travel status, employee name, date of birth, employees travel destination. It uses a Form record format within Microsoft ACCESS. All information within the Form record is input manually by employees of the International Meeting, Travel, and Visitors Program Branch.
System of Records Notice(s):
Treasury/IRS 26.003 General Personnel Payroll Records
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. Not applicable.
* Data elements include:
* passport number
* issue date
* expiration date
* leave/return dates of employees on travel status
* employee name
* date of birth (DOB) of employee
* employees travel destination and business address
* employee title/rank
* clearance information (e.g. secret)
* type of passport (e.g. diplomatic)
C., D. Not applicable.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A., B. Not applicable
All data elements are about and obtained from employees. All information within the Form record is input manually by employees of the International Meeting, Travel, and Visitors Program Branch.
D., E., F. Not applicable
3. Is each data item required for the business purpose of the system? Explain.
Yes. The IPOP database is used to monitor passports that are maintained for IRS employees.
4. How will each data item be verified for accuracy, timeliness, and completeness?
Presently, there is no routine data verification process. However, data entry is spot checked by the IPOP supervisor for accuracy.
5. Is there another source for the data? Explain how that source is or is not used.
No. The only data source is the employees and their passport information.
6. Generally, how will data be retrieved by the user?
Data can be retrieved by the employee’s name or passport number.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes, the data is retrievable by passport number.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Users, Administrators and Developers will have access to the data in the system.
NOTE: The developer is an IRS employee in the same office so when problems with the program arise the developer can see the data on the user’s machine while resolving the problem.
9. How is access to the data by a user determined and by whom?
IPOP administrators create accounts for users authorized by management. Accounts are created via email to the system administrator. IPOP is not on the 5081 system.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12. No.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? Not applicable.
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
Presently, there are no procedures in place for periodic data destruction. Data will be retained for this project for 15 years. Data can be destroyed after 15 years as that is how long the passports are needed after they expire.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
Yes. In emergency/crisis situations (e.g. London bombing), the system may be used to identify which employees are in countries of interest.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action? No.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
No, the system is not web-based. The system administrator installs an icon on the user’s desktop which is a link to the server that allows database directory access.