TIGTA Finds IRS Is Not Adequately Protecting Sensitive Taxpayer Information

TIGTA Finds IRS Is Not Adequately Protecting Sensitive Taxpayer Information
Zachary J. Montgomery JD, CPA, CFE
Written By: Zachary J. Montgomery, JD, CPA, CFE
Managing Member
Published On: 
August 7, 2023
zachary@mlegaltx.com

The U.S. federal tax system involves a plethora of sensitive taxpayer information—for individuals and businesses alike. Taxpayers should have some measure of confidence that the U.S. government, particularly the Internal Revenue Service (“IRS”), has measures in place to protect sensitive taxpayer information. On August 1, 2023, the Treasury Inspector General for Tax Administration (“TIGTA”) issued to the IRS Commissioner its final report on the IRS’s compliance with certain policies designed to protect taxpayer data.

 

IRS Internal Guidelines

The IRS maintains certain guidelines related to IRS employees requesting and transferring tax records from Tax Processing Centers. The IRS has three primary Tax Processing Centers located in Kansas City, Missouri; Austin, Texas; and Ogden, Utah. According to the Internal Revenue Manual, the IRS ships packages with Personally Identifiable Information (“PII”), i.e., sensitive taxpayer data, using a private delivery carrier. See I.R.M. 10.5.1.6.9.3 (Dec. 31, 2020). Among its general policies, IRS employees are required to:

- List the total number of documents contained in the package and include identifying information, i.e., taxpayer name, Employer Identification Number, etc., for at least the first four documents and the last document in the package.

- Include two copies of Form 3210, Document Transmittal, to be placed inside the secure package with its contents while the sender of the package keeps the ‘Originator’s Copy.’

- Verify receipt of the package by signing and returning the Form 3210 ‘Acknowledgment Copy’ to the sender.

- Report, upon discovery, all instances of lost mailed packages to TIGTA and the IRS’s Office of Privacy, Governmental Liaison, and Disclosure/Incident Management (“PGLD/IM”) Office.

- Report a data breach to the PGLD/IM Office on Form 14164-A, Personally Identifiable Information (PII) Breach Reporting Form.

- Notify the potentially impacted taxpayers of an IRS data breach involving their sensitive information if the PGLD/IM Office determines that notification is appropriate after its risk analysis.

See TIGTA, Sensitive Tax Information Is Not Being Controlled Adequately When Shipping to and From Tax Processing Centers (Aug. 1, 2023).

Results of TIGTA Review

From September 2022 to May 2023, TIGTA conducted its investigation and review of the IRS’s compliance with its policies and procedures. TIGTA reviewed IRS policies, reviewed the population of lost mail, and evaluated the IRS delivery processes. Among its findings, TIGTA determined:

- Actions are not taken to properly account for and/or control sensitive taxpayer information sent by private delivery carriers;

- Quarterly audits of the Forms 3210 acknowledgement process are not performed as required;

- Inadequate documentation resulted in the inability to identify, notify, and offer protection to some taxpayers when their sensitive tax information was lost; and

- Data breach indicators are not placed on business tax accounts associated with sensitive business tax information lost by the IRS.

See TIGTA, Sensitive Tax Information Is Not Being Controlled Adequately When Shipping to and From Tax Processing Centers (Aug. 1, 2023).

For a complete review of TIGTA’s report, click here.

Conclusion

TIGTA’s findings are not necessarily a vote of confidence for taxpayers and the security of their sensitive information. Taxpayers may take proactive steps to protect themselves from tax-related identity theft. For example, taxpayers may request an Identity Protection PIN (“IP PIN”), a six-digit number used when filing a tax return. For more information on requesting an IP PIN, click here.

Contact Montgomery Legal today to discuss your federal tax situation. Schedule a Consultation or call (214) 432-6100.

Share this insight
Zachary J. Montgomery JD, CPA, CFE
Written By: Zachary J. Montgomery, JD, CPA, CFE
Managing Member
Published On: 
November 3, 2024
zachary@mlegaltx.com
Subscribe to our newsletter

Subscribe to receive the latest insights article posts to your inbox.

By subscribing you agree to with our Privacy Policy.
Thank you for subscribing!
Oops! Something went wrong while submitting the form.

Discover More in Your Journey to Legal Mastery

Explore these related articles to gain further insights on your chosen topic.

View All

Ready to Secure Your legal Future?

Schedule a consultation today or give us a call to start your journey.

Attorney reading agreement Provident Legal Counsel (PLC)
Join our newsletter to stay up to date on Montgomery Legal news and insights.
Subscribe
By subscribing, you agree with our Privacy Policy and provide consent to receive updates from our company.
Thank you for subscribing!
Oops! Something went wrong while submitting the form.
© 2024 Montgomery Legal. All rights reserved.