Privacy Impact Assessment - Certified Transcripts (CERTS)
CERTS System Overview
The Certified Transcript Program (CERTS) produces a common language transcript that gives the history assessments and payments on taxpayers' accounts. These transcripts are used in civil and criminal court cases. Form 4340, Certificate of Assessments, Payments, and Other Specified Matters, is used by the government in litigation to certify extracts from a taxpayer's account. Form 4340 is a true copy certification when the certification at the end of the form contains an authorized signature. When further certified by a Form 2866, Certificate of Official Record, signed under seal, Form 4340 self-authenticates the entries contained therein when submitted in court by the government.
The CERTS application is used for Non-Master File accounts, tax periods on retention, special or expedite requests, and certain conditions found on Form 4340, “Certificate of Assessments, Payments, and Other Specified Matters”.
Describe the information (data elements and fields) available in the system in the following categories:
Taxpayer
Employee
Audit Trail Information (including employee log-in info)
Other (Describe)
Taxpayer - Tax data and related information pertaining to individual taxpayers are posted to and captured on this application. Each taxpayer account contains data which describes the taxpayer as an entity and contains groups of data including Taxpayer Identification Number(s) (TIN), name, address, and other accounting information relating to a specific tax period.
Employee - The application uses employee information necessary to accurately identify and authenticate each user of the system. The system maintains a set of authorizations regarding what actions each employee user may perform within the application.
Audit Trail Information – There is no audit trail for this application. Rather it has interfaces to systems that maintain their own audit trails. These systems maintain the authentication and authorization required, including the use of audit trail information.
Other - No other taxpayer or employee information is stored as part of the application except in audit logs.
Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
IRS
Taxpayer
Employee
Other Federal Agencies (List agency)
State and Local Agencies (List agency)
Other third party sources (Describe)
IRS - The data is reported by the taxpayer on various forms and schedules in the 1040 Individual Income Tax family of returns.
Taxpayer – the application identifies the
data elements such as SSN, TIN and other taxpayer identifying information.
Employee - The application uses employee information necessary to accurately identify and authenticate each user of the system.
Federal Agencies – No other Federal
Agencies use the data elements in the application.
State and Local Agencies - No other State or Local Agencies use the data elements in the application.
Other – No third parties provide data for the application.
Is each data item required for the business purpose of the system?
Yes. The name, TIN, and address are required to identify the taxpayer’s account. The income, deductions, credit, liability etc. reported on the tax return, as well as any payments received, are required to settle the taxpayer’s account, and maintain a record of taxes assessed, abated and collected.
How will each data item be verified for accuracy, timeliness, and completeness?
The CERTS data is collected solely from existing taxpayer records on the Individual Master File (IMF), Business Master File (BMF) and Non Master File (NMF).
The CERTS does not collect data from sources other than IRS records.
The CERTS will not place new data in the taxpayer’s record.
The CERTS cannot and does not make determinations about taxpayers or employees. Data is retrievable by TIN, Form, Name or Address. The TIN and Name are personal identifiers. CERTS will retrieve all data input for the TIN or Name.
Users are responsible for checking and reviewing 100% of the Form 4340 transcripts against current MCC-Specific transcripts to ensure the accuracy and completeness of the forms.
Is there another source for the data? No
Generally, how will data be retrieved by the user?
Users access the application through the local LAN or IRS WAN within the IRS firewall. Access to the application is based on: Unique User Identity (User ID).
Roles-Access to information is controlled by the job assignment or function.
Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes, data is retrievable via any field on the input screen, including TIN, SSN, etc.
Access to the Data
Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
The Users, Manager, System/Database Administrator, and the Headquarters Tax Analyst will have access to the data in the system. Access is granted on a need to know requirement.
How is access to the data by a user determined and by whom?
Access to the data is determined by the manager based on a user’s position and need-to-know. The manager will request a user to be added. They must submit the request via the Online 5081 process to request access to the System.
The Application Administrator determines to which group and menu the user will have access. A user’s access to the data terminates when it is no longer required. System Administrators (SAs) monitor the change control process, system security controls, and grant system access.
Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
No, data is not shared between systems.
Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? Not Applicable.
Will other agencies provide, receive, or share data in any form with this system?
No other federal, state, or local agency shares or has access to the applications’ data.
Administrative Controls of Data
What are the procedures for eliminating the data at the end of the retention period?
General procedures for eliminating data at the end of the applicable retention periods are defined in Internal Revenue Manual 1.15.2, Records Disposition Handbook, chapters 5 and 10, respectively. The taxpayer data is stored in separate tables for each campus. Hard copies of the Certified Transcripts are kept for as long as their IRM requires them to be kept. The program is set up so that the old records are removed from the tables once they are 180 days old. It is the responsibility of the user to delete the records that are 180 days old. Their Instructions tell them to run the script once a month. The data is removed by a SQL script ran by the users.
Will this system use technology in a new way? No
Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
No, the application does not allow individuals or groups to be identified.
Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No, this application does not display current information to monitor individuals or groups.
Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain.
No, The common language transcript produced gives the history assessments and payments on taxpayers' account and are used in civil and criminal court cases.
Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Yes, transcripts generated gives the history assessments and payments on taxpayers' account and are used in civil and criminal court cases.
If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
The application is not web-based but, is protected by means appropriate for this information in accordance with applicable regulations.
| 
