Remittance Processing System (RPS)
Privacy Impact Assessment -- Remittance Processing System (RPS)
RPS System Overview
The Remittance Processing System (RPS) is an automated system for remittance data. RPS primarily transforms the records transcribed by the Lockbox Banks and Integrated Submission and Remittance Processing (ISRP) system into the prescribed format for Generalized Mainline Framework (GMF) mainline processing, performs error flagging, creates deposit reports and generates master control records used in Service Center Control File processing for each deposit block
Data in the System
1. Generally describe the information to be used in the system in each of the following categories: Taxpayer, Employee, and Other.
Taxpayer, Employee, Other:
The RPS system processes only one taxpayer identification item and from one to three payment amounts. The other data is a string of internal use codes that are discernable only by trained IRS business users, and which are used as triggers and controls for subsequent IRS pipeline processing. There is no employee or other data processed by RPS.
2. What are the sources of the information in the system?
2.a. What IRS files and databases are used?
Business Taxpayer Information File (BTIF)
The RPS system accesses the BTIF database to perform entity validation. RPS reads information from the Taxpayer Information File (TIF).
Integrated Submission and Remittance Processing System (ISRP)
Remittance information is provided from ISRP on two files, one containing deposit data and one containing transaction data.
The IRS contracts with banks that process taxpayer payment (remittance) data called LOCKBOX Banks. The LOCKBOX banks provide Deposit data and Transaction data to the RPS system.
DED EDIT (DED01P)
When a LOCKBOX bank provides Transaction data on tape, that file is taken into the first batch program in a string of daily batch programs (DED01P) for validation and reformatting before being output as the RPS0505 file. The RPS0505 file is input to the RPS system.
2.b. What Federal Agencies are providing data for use in the system?
None. RPS does not receive data from other Federal Agencies.
2.c. What State and Local Agencies are providing data for use in the system?
None. RPS does not receive data from Local governments or entities.
2.d. From what other third party sources will data be collected?
RPS receives data from IRS contracted LOCKBOX bank sites.
2.e. What information will be collected from the taxpayer/employee?
The RPS system processes one identification item and from one to three payment amounts that come from taxpayer submissions. RPS does not process employee data.
3.a. How will the data collected from sources other than IRS records and the taxpayers be verified for accuracy?
This is not applicable to the RPS system.
3.b. How will data be checked for completeness?
Completeness will be verified further downstream in the payment matching and posting process. Incomplete submissions will not post and will be identified on error reports.
3.c. Is the data current? How do you know?
RPS payment records contain a payment received date.
4. Are the data elements described in detail and documented? If yes, what is the name of the document?
Yes, The data elements used by the RPS system are described in the data dictionary section of the Functional Specification Package 1.33.00.00.
Access to the Data
1. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Only IRS production personnel who have authorization can gain access to the RPS input and output data tapes or discs by accessing the UNISYS system and requesting file dumps.
IRS Error Resolution Tax Examiners:
IRS error resolution Tax Examiners correct errors identified by downstream processing.
IRS Accounting Staff:
Have access to RPS reports that are used in the accounting of cumulative deposit and transaction information.
IRS Applications Developers:
IRS Applications Developers can gain access to RPS data when researching software problems. IRS guidelines and procedures for accessing live taxpayer data are enforced at all times.
Managers of the above types of employees, except for applications developers, have the same level of access to data as their employees.
2. How is access to the data by a user determined?
Access is determined by functional business needs.
2. a. Are criteria, procedures, controls, and responsibilities regarding access documented?
Yes. All IRS functional areas operate within strict and enforced guidelines surrounding access needs, authorization and control. Systemic audit trails exist where applicable and audit reports are reviewed by management in the functional business units.
3. Will users have access to all data on the system or will the user's access be restricted? Explain.
Users have access to data as needed to capture and perfect payment data.
4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?
There are no browsing applications for accessing payment data in the RPS arena. Otherwise, the IDRS system contains a multitude of on-line command codes that have specific browse and update functionality for taxpayer accounts, including those which RPS payments are posted to. There are internal systemic audit trails in effect for all IDRS command codes, and management is provided with audit reports for action as necessary.
5.a Do other systems share data or have access to data in this system? If yes, explain.
Yes, there are a number of secured downstream IRS pipeline systems that use data output by RPS.
5.b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?
The owners and business users of the interfacing systems are responsible for protecting taxpayer and employee rights.
6.a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?
No other State, International, Local, or other kinds of agencies share data or have access to RPS data.
6.b. How will the data be used by the agency?
This is not applicable to the RPS system as stated above.
6.c. Who is responsible for assuring proper use of the data?
This is not applicable to the RPS system as stated above..
6.d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?
This is not applicable to the RPS system as stated above.
Attributes of the Data
1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes. All data processed through the RPS system is relevant and necessary. The system is responsible for receiving, validating, and formatting remittance data, and supporting IRS employees who need the data. The summary reporting data that is used by IRS Accounting functions in the Processing Centers and the reports are used by Management to review programs and processing procedures.
2.a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
No, the RPS system does not pull data from several sources in order to build records on individuals taxpayers, employees, or other groups of taxpayers. However, summary reporting data are derived from the remittance amounts from taxpayer’s data.
2.b. Will the new data be placed in the individual’s record (taxpayer or employee)?
This is not applicable as stated above.
2.c. Can the system make determinations about taxpayers or employees that would not be possible without the new data? No.
2.d. How will the data be verified for relevance and accuracy?
Inaccurate data will be identified in subsequent matching and posting processing, and error resolution is an integral part of the downstream pipeline.
3.a. If the data is being consolidated, what controls are in place to protect the data and prevent unauthorized access? Explain.
This is not applicable to the RPS system.
3.b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
The scheduled IDRS TIF consolidation is retaining the same data protections as those which exist in the current TIF.
4. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.
RPS data can be retrieved by using the UNISYS system in order get prints of files or summary reporting data. Data can also be retrieved by authorized business users via one or more IDRS command codes.
4. What are the potential effects on the due process rights of taxpayers and employees of:
a. Consolidation and linkage of files and systems;
RPS does not consolidate data. Systemic changes are transparent to taxpayers and employees, and they are kept within privacy and disclosure guidelines.
b. Derivation of data;
No harmful derivations can result from capturing, perfecting and posting tax payments.
c. Accelerated information processing and decision making;
IRS processing center management use RPS summary data to make decisions involving processing volume and error resolution. IRS accounting personnel in the processing centers use RPS summary data to account for remittances. No harmful effects can result from the use of RPS data in this manner.
d. Use of new technologies;
No. The use of new technologies will not create new needs to protect the data, as access will remain constrained to secured IRS and FDB computer systems and authorized business users.
How are the effects to be mitigated?
Per the above, there will be no situation where mitigation will be necessary.
Maintenance of Administrative Controls
1.a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.
The system exists for the purpose of posting taxpayer payments to their respective accounts as quickly and as accurately as possible.
The RPS system does not process employee data, nor does it apply to the treatment of employees.
1.b. If the system is operated in more than one site, how will consistent use of the system be maintained at all sites?
The RPS system employs identical batch programs for use at all processing sites. The RPS processing stream is designed for a specific execution sequence. Deviations in application execution will result in highly visible negative results.
1.c. Explain any possibility of disparate treatment of individuals or groups.
Systemic errors and operational errors will result in highly visible negative results, internally. If this occurs, applications developers and or business users take immediate action to correct and reprocess data as necessary before there is an impact on taxpayers.
2.a. What are the retention periods of data in this system?
RPS does not hold data in a database. However, retention periods on output files are 1 day, 7 days, 15 days and 30 days as deemed appropriate for the nature of the data.
2.b. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?
The Computing centers are responsible for erasing tapes or deleting files at the end of the retention periods. The procedures are documented in the Computer Operators handbooks (COH).
2.c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
Not applicable to RPS. Payment data is posted to taxpayer accounts to permanently reconcile tax liabilities.
3.a Is the system using technologies in ways that the IRS has not previously employed (e.g. Caller-ID)? No.
3.b How does the use of this technology affect taxpayer/employee privacy?
Not applicable to the RPS system.
4.a Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
No. RPS is not designed to identify, track, locate, or monitor individuals.
4.b. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.
No. RPS is not designed to identify, track, locate, or monitor groups of people.
4.c. What controls will be used to prevent unauthorized monitoring?
RPS file access is restricted to authorized applications development staff and to authorized computing center operations staff through internal controls which include audit trails. In addition, IT management is held to the standards and guidelines developed for protection of taxpayer data, protection of computer processing systems and protection of computer equipment.
5.a. Under which Systems of Record notice (SOR) does the system operate? Provide number and name.
Treasury-IRS 34.037 IRS Audit Trail and Security Records.
Treasury-IRS 24.046 CADE Business Master File
5.b. If the system is being modified, will the SOR require amendment or revision? Explain.
The system is not being modified.