About The Client
The Internal Revenue Service (IRS) is a bureau of the U.S. Department of the Treasury. The IRS is responsible for collecting taxes and the administration of the Internal Revenue Code.
The Internal Revenue Service (IRS) handles a significant amount of personal information as a function of their normal operations. This includes over 200 databases with personal and sensitive information. As part of meeting legislative requirements each of these systems, and any new system, must periodically be assessed for possible impacts of lost or compromise of data. The IRS desired to automate these Privacy Impact Assessments (PIAs), which were a critical but inefficient internal business process.
The Canton Group provided a full time, on-site Webmaster/Programmer to the headquarters office of the Office of Privacy and Information Protection. The Webmaster/Programmer developed the Privacy Impact Assessment and Management System (PIAMS) from an existing prototype. PIAMS provides an IRS intranet website for internal users to complete Privacy Impact Assessments (PIAs) for IRS systems. The Webmaster/Programmer also provides website updates, applications maintenance, and help desk support to web site end users. In addition, The Canton Group was awarded a contract modification to develop a new module for the PIAMS Website known as PII Inventory and Classification (PIIC) for the IRS intranet. The PIIC module helps the IRS to protect Personally Identifiable Information – or ‘PII’ – that the IRS collects on taxpayers as part of its duties. These taxpayers include corporate, nonprofit, or publically held businesses as well as private citizens. This taxpayer information is collected and maintained in approximately 200 database systems. To safeguard the data, such as Social Security Numbers, gathered while collecting and verifying tax returns, the IRS must identify and track those systems that pose a high level of risk if compromised and determine what needs to be done to mitigate that risk. The PIIC add-on to the PIAMS website provides an integral tool in identifying, classifying, and protecting this sensitive information.