IG: IRS not doing enough to safeguard taxpayers' privacy

The Internal Revenue Service has not done enough to protect the privacy of more than 130 million taxpayers, according to a Treasury Department Inspector General's report released Oct. 3.

The agency has conducted privacy impact assessments (PIAs) on less than half of its computer system and does not adequately monitor its own application of privacy laws, according to the report from the Treasury IG For Tax Administration.

The E-Government Act of 2002 and IRS guidelines require every computer system or project that collects personal information to have a current PIA on file with the agency’s privacy office. As of August 2005, the IG could not find PIAs for 130 of the 241 IRS computers systems that collect the sensitive information, according to the report.

“We attribute the missing PIAs to the lack of emphasis on privacy issues, and the decision to not require that all systems be certified and accredited,” the report states.

Thus, taxpayers’ identities are at a higher risk of being stolen and used unlawfully, the report found.

The IG recommended that IRS officials build a searchable database of PIAs with quarterly verifications on their accuracy and reinforce the importance of PIA case documentation.

The IG report recommended that officials review employee privacy training and assess whether IRS business units meet regulations.

Despite failures, the IRS’ Office of Privacy and Information Protection enhanced its privacy program in the past two years, according to the IG. Officials chaired a working group to review the issues and created an online privacy-training segment on its Web site.

The privacy office director is responsible for administering the privacy program. Its mission is to ensure that policies and programs incorporate taxpayer and employee privacy requirements and that sensitive information remains protected, secure and private.

National Treasury Employees Union President Colleen Kelley said in a statement that the report emphasizes her belief that the IRS should not turn over taxpayer records to private collection agencies.

“The IRS should be required to get its own house in order and not only meet, but exceed, the privacy standards," she said. "Instead, the IRS is outsourcing the sensitive and private financial information of American taxpayers to private debt collectors, increasing the risk of security breaches exponentially.”

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.