IRS Logo
Print - Click this link to Print this page

e-Postcard Public Disclosure Application - Privacy Impact Assessment

PIA Approval Date:  September 14, 2007

Requested Operational Date:  January 1, 2008

System of Records Number(s) (SORN) #:  

Treasury/IRS Audit Trail and Security Records System 34.037. 

Note that the ePostcard Disclosure application will contain only exempt organization annual filing notifications that are disclosable under IRC 6104 and were mandated to be made publicly available in accordance with the Pension Protection Act of 2006.

System Overview:

Allow users to retrieve, display or download Form 990-N filings (ePostcards).  Note:  A previous PIA request for the ePostcard application was forwarded to your office in December 2006; however, that request asked for consideration of the front end notice filings piece of the system.  This PIA requests concurrence for the back end disclosure piece of the system. 

Data in the System

1.  Describe the information (data elements and fields) available in the system in the following categories:

A.  Taxpayer
B.  Employee 
C.  Audit Trail Information (including employee log-in info)
D.  Other (Describe)


A.  Taxpayer name, doing business as name, Employer Identification Number (EIN), address, name of principal officer, address of principal officer, accounting period and website address, if applicable.
B.  Not Applicable (N/A)
C.  N/A
D.  There are also two checkboxes the filers must check, one to indicate if they are terminating operations and the other to verify that their gross receipts are still below $25,000  per year.

2.  Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A.  IRS
B.  Taxpayer
C.  Employee
D.  Other Federal Agencies (List agency) 
E.  State and Local Agencies (List agency)
F.  Other third party sources (Describe)


A.  We will pre-populate the organization’s name control, name and accounting period from the National Accounts Profile (NAP).
B.  We will obtain from filers all of the data elements described in 1. A. above. 
C.  N/A
D.  N/A
E.  N/A
F.  N/A

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  The Pension Protection Act of 2006 requires that all of the data fields we will collect be provided by the Form 990-N filer.

4.  How will each data item be verified for accuracy, timeliness, and completeness?

We will be verifying the EIN, name control, name and eligibility of the filer to file the 990-N based on the information contained in the NAP file.  If a filer attempts to input a data field that does not match the NAP data, the filer will be alerted to check their data input.

5.  Is there another source for the data?  Explain how that source is or is not used.

This is a new filing requirement for small organizations who were previously not required to file annual information returns. Therefore, no additional source is available.

6.  Generally, how will data be retrieved by the user? 

Users will be able to query the database of filings on-line to either view a particular filing or download a filing or a subset of filings, e.g., all filings for a particular filer or all filings for a particular state.

7.  Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  By EIN or organization name and/or tax period.

Access to the Data

8.  Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Users, Managers, IRS employees, watchdog groups and any other interested persons. IT personnel will not have access to live data while developing the application.

9.  How is access to the data by a user determined and by whom? 

Access will be widely available through the IRS.gov public portal.  Since tax exempt organization data is disclosable under IRC 6104  there are no access restrictions.

Although Personally Identifiable Information (PII) will be displayed (name and address of the principal officer filing the Form 990-N notice)
there will be no restrictions applied to protect the PII because the statute specifically requires that it be present.

10.  Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes, National Account Profile (NAP) data will be used validate an organization’s eligibility to file the Form 990-N and will pre-populate the 990-N data fields described in 2.A. above.  In addition, the Modernized Tax Return Data Base (MTRDB) will be used to generate the facsimiles of 990-N filings that will be uploaded to the IRS public portal for disclosure purposes.

11.  Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Yes, these systems have gone through the Certification and Accreditation process required by FISMA.

12.  Will other agencies provide, receive, or share data in any form with this system? 

No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Form 990-N filings will remain on line for a period of three years.  Any filings more than three years old will be automatically purged from the system by the contractor who is building and will be maintaining the ePostcard disclosure application for the Service.  The three year disclosure period is consistent with section 6104(d)(2) of the IR Code, which imposes on the Secretary a “3-year limitation on inspection of returns”.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes, the Pension Protection Act of 2006 requires that these filings be made widely available for public scrutiny.  The rationale for this is to allow public oversight of organizations that enjoy exemption from taxation.  As an additional benefit, it will enable the IRS to better stay in contact with this segment of the exempt organization customer base, which in the past has been difficult to stay in contact with due to the frequency these mostly volunteer organizations change officers and either move or cease operations without our knowledge.

16.  Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No.  The very limited data we will be collecting (listed in 1. A. above) would preclude us from doing anything more than knowing that the organizations do still exist and where they are located.  Since there is no financial data or activity descriptions collected from 990-N filings it would not be possible to perform any kind of compliance activities on this segment of the exempt organization universe. 

17.  Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  No.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No.

Page Last Reviewed or Updated: 01-Apr-2014