IRS Logo
Print - Click this link to Print this page

Customer Self Service Voice Response Unit

Privacy Impact Assessment - Customer Self Service Voice Response Unit (CSS VRU)

CSS System Overview:

The CSS VRU Privacy Impact Assessment has been written to replace the CC01 Privacy Impact Assessment.  The CC01 PIA, when last recorded included three sub-systems (CSS VRU, Automatic Call Distributor-ACD, and Intelligent Contact Manager-ICM).  Since CC01, these systems have been separated and are recording individual PIAs.  The purpose of the CSS VRU is to connect individual taxpayers to the IRS through an automated voice response unit that provides taxpayers with snapshots of their tax records via the telephone.  Using provided toll-free numbers, taxpayers use the CSS VRU to gain access to their refund status, filing status, mailing date, etc. 

System of Record Number(s): 

Treasury/IRS 00.001 Correspondence Files (including Stakeholder Relationship files) and Correspondence Control Files
Treasury/IRS 22.054 Subsidiary Accounting Files
Treasury/IRS 22.061 Individual Return Master File (IRMF)
Treasury/IRS 22.062 Electronic Filing Records
Treasury/IRS 24.013 Combined Account Number File, Taxpayer Services
Treasury/IRS 24.029 Individual Account Number File (IANF)
Treasury/IRS 24.030 CADE Individual Master File (IMF), (Formerly: Individual Master File (IMF))
Treasury/IRS 24.046 CADE Business Master File (BMF) (Formerly: Business Master File (BMF))
Treasury/IRS 34.020 IRS Audit Trail Lead Analysis System (ATLAS)
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Sensitive But Unclassified (SBU) taxpayer data in the system includes:
* Taxpayer Identification Number
* Personal Identification Number
* Caller Identification Number
* Date of Birth
* Tax Period
* Filing Status
* Expected Refund Amount
* Refund/Credit/Rebate Status
* Zip Code

B. The system is fully automated and requires no employee interaction for processing taxpayer contacts.

C. System audit data is viewed by the security administrator and is used to identify unauthorized access. This data is gathered by commercial off the shelf (COTS) security auditing capability provided with the operating system.  Data gathered by the security audit system include elements such as login ID, login date/ time, logout date/ time, files/ directories accessed, and attempted security violations, such as invalid passwords or logins. 

D. System performance data from management information system (MIS) files will be used to measure system and application performance, including availability, reliability, usability, and resource usage.

Call data from the Public Switched Telephone Network (PSTN) is used to route callers to the appropriate automated self-service application or customer service representative (CSR). This data includes the Dialed Number Identification Service (DNIS) and the Automated Number Identification (ANI).

Other data includes messages and information of a general nature (non-taxpayer/employee associated) including IRS Publications, directories of IRS toll-free numbers, IRS hours of operation, frequently asked questions and associated answers, and general system error messages.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. The CSS VRU currently contains 8 primary interactive applications to assist taxpayers with general inquiries concerning their taxes.  The applications are: View Credit, View Debit, Location, Payoff, PIN, Refund, Transcript, and Voice Balance Due (VBD).

All the above CSS applications interface with the Customer Communications Interactive Processor (CC IP), an intermediary IRS system, which interfaces with other IRS database systems via command codes.  These command codes help determine from where data is obtained by the CC IP. For example, the command code “AISDL” uses Integrated Data Retrieval System (IDRS) Taxpayer Identification Files (TIF), the National Account Index (NAI), National Account Profile (NAP), and Corporate Files On Line (CFOL) to obtain data.  Please refer to the CC IP PIA for more detail on what taxpayer information is retrieved and processed from the IRS master files.  
The only exception to this is the Location application, which interfaces with a data file that resides on the CC IP. This file contains IRS mailing addresses used by taxpayers to submit various IRS forms.  The Location application retrieves the mailing address corresponding with the zip code and form.  

Data records as described in Section 1 are retrieved from the CC IP and used by CSS systems in order to process a taxpayer call.  This data is only maintained on the system for the duration of the call. The CSS VRUs are IRS only systems, and only personnel authorized via Form 5081 have access to them.

B. The CSS VRU obtains different data from taxpayers based on the purpose of their call and thus the application with which the taxpayer is interacting. Data elements obtained from taxpayers are:
* Taxpayer Identification Number
* Personal Identification Number
* Caller Identification Number
* Date of Birth
* Tax Period
* Filing Status
* Expected Refund Amount
* Refund/Credit/Rebate Status
* Zip Code

C. The CSS VRU does not acquire data from employees.
D. The CSS VRU does not acquire data from other federal agencies.
E. The CSS VRU does not acquire data from state or local agencies.
F. Call data, specifically DNIS and ANI, is obtained directly from the PSTN.

3.  Is each data item required for the business purpose of the system?  Explain.

Data retrieved from taxpayers and the IRS is required for one or more of three basic functions:
1. to authenticate the customer
2. to route the customer to the correct automated application or customer service representative
3. to retrieve and provide the information requested by the taxpayer

4. How will each data item be verified for accuracy, timeliness, and completeness?

Data retrieved from IRS sources via the Customer Communications Interactive Processor (CC IP) (e.g. taxpayer account data) is first verified by the CC IP for accuracy, timeliness, and completeness. Then, it is passed on to the CSS VRU for application use.

Data obtained from the CC IP is verified on the CSS VRU for format and length.  The CSS VRU verifies timeliness by establishing unique transaction IDs for the VRU to CC IP data exchange with appropriate transaction timeouts.  Data associated with transaction timeouts is discarded.

Data obtained via the CC IP for taxpayer authentication/ authorization purposes is matched against data obtained directly from taxpayers. During the authentication process, no data obtained from IRS files / databases is provided / revealed to the customer.

Data coming from the taxpayer is validated for format and length (e.g. individual TIN is 9 digits; each digit is character (0-9)).

Data collected from the PSTN for call routing purposes is not verified for accuracy. This data is derived from PSTN (i.e. AT&T) phone switches and can be considered raw source data. This data includes the DNIS and the ANI. The only way to verify accuracy would be to place separate monitors on the switches in order to independently collect the same raw data and then make a comparison. This would be costly, expensive, and potentially raise legal questions. 

Telephone call data obtained from the PSTN is sent with the telephone contact to the CSS VRU. Thus, its timeliness is guaranteed.  The completeness of PSTN data is verified simply by validating the correct number of digits in each field.  Data that does not meet these completeness criteria is flagged in application error logs retained by the IRS according to the Records Retention Policy.

5. Is there another source for the data?  Explain how that source is or is not used.

There are no other sources for the data being used by the CSS VRU.

6. Generally, how will data be retrieved by the user? 

Data will be retrieved by the customer via the telephone.  Customer data is collected via Dual-Tone Multi-Frequency™ (Touch-Tone) data entry or speech recognition data entry.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  Data is retrievable by customers using a personal identifier.  The CSS VRU requires personal identifier information for authentication.  Personal identifier information retrieved from customers includes:
• Taxpayer Identification Number
• Personal Identification Number

Additional information retrieved from customers for authentication purposes includes:
• Tax Period
• Filing Status
• Expected Refund Amount

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Users, as defined for the CSS VRU, include individual taxpayers, practitioners, business, and government entities that contact the IRS via established telephone numbers for any number of account and non-account related proposes. Users have access to only their own SBU taxpayer data.

System Administrators (SA) have access to the system as part of their job duties of maintaining and configuring systems. Consequently, an SA will have access to all CSS VRU data.

Vendor Maintenance Staff have access to the system for maintenance purposes. Access is directly controlled by System Administration personnel.

Customer Communications Management Information System (CC MIS) Users have indirect access to the MIS data by requesting reports that contain MIS data and summarized information.  Access to MIS data is controlled via user id/ password identification and authentication methods. 

9. How is access to the data by a user determined and by whom? 

Users, to access the system via IRS established telephone numbers, must meet basic eligibility requirements and be authenticated by their taxpayer information with none of the following indicators on their account: 1) a dangerous taxpayer; 2) under criminal investigation; 3) PIN disabled; 4) duplicate SSN; 5) inconsistent cross-referenced SSN; 6) shown as deceased. All of these factors are considered by CC IP which then communicates the authorization to the CSS VRU.

SA, Vendor Maintenance Staff, and CC MIS Users must complete Form 5081 to access the system.  The Manager or Contract Officer’s Technical Representative (COTR), the security coordinator, and the system owner must approve system access and the permission level.

An IRS employee or contractor user’s position and “need-to-know” determine the type of access to the data. A user’s access to the data terminates when it is no longer required. Criteria, procedures, controls and responsibilities regarding access are documented in the CSS VRU Security Features User’s Guides and Trusted Facility Manuals.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

* MIS data to the CC MIS system
* Taxpayer data, including SBU data, from the CC IP system
* No data

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Both the CC MIS and CC IP systems are currently renewing security certification and privacy impact assessment.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Taxpayer data is removed from the VRU when no longer needed to support the taxpayer session. There is no retention period for taxpayer data, with the exception of TIN data used to check for more than three invalid re-entries.  TIN data used for invalid re-entry analysis is automatically deleted every 24 hours. 

Data that is retained in MIS and audit logs will remain on the VRU until eliminated by the System Administrator (SA).  Using a script, the SA is able to manually eliminate data from the sub-system or have data automatically removed using a specified timeframe for elimination (e.g. data that is 90 days or older).

Currently, this script is run once every 6 months in accordance with IRM 1.15.17 - Records Control Schedule for Information Technology. Since our system is not directly referenced in the IRM, records are maintained according to guidelines set forth for similar “Output Records”, whereby records are deleted / destroyed “when one year old or when no longer needed for operational purposes, whichever is sooner”. For the CSS VRU, MIS and audit records are no longer needed after six months.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.   No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

The CSS VRU tracks the DNIS and ANI for each taxpayer call for potential use by IRS Criminal Investigations. The information can establish that a particular taxpayer contacted the IRS by telephone at a particular date and time. This data is retained in accordance with IRM 1.15.17 - Records Control Schedule for Information Technology.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

The CSS VRU will not be used to monitor individuals or groups.  

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The CSS VRU makes no determination and takes no final action. As described in the system purpose, the CSS VRU only provides information to taxpayers regarding their tax records. If taxpayers have questions regarding the information provided by the system, they can elect to speak to a Customer Service Representative (CSR) who can provide guidance. When a call is transferred to a CSR, it is no longer interacting with the CSS VRU.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The CSS VRU is not a web-based system. 

Page Last Reviewed or Updated: 15-Jan-2015