IG: IRS not doing enough to safeguard taxpayers' privacy

The Internal Revenue Service has not done enough to protect the privacy of more than 130 million taxpayers, according to a Treasury Department Inspector General's report released Oct. 3.

The agency has conducted privacy impact assessments (PIAs) on less than half of its computer system and does not adequately monitor its own application of privacy laws, according to the report from the Treasury IG For Tax Administration.

The E-Government Act of 2002 and IRS guidelines require every computer system or project that collects personal information to have a current PIA on file with the agency’s privacy office. As of August 2005, the IG could not find PIAs for 130 of the 241 IRS computers systems that collect the sensitive information, according to the report.

“We attribute the missing PIAs to the lack of emphasis on privacy issues, and the decision to not require that all systems be certified and accredited,” the report states.

Thus, taxpayers’ identities are at a higher risk of being stolen and used unlawfully, the report found.

The IG recommended that IRS officials build a searchable database of PIAs with quarterly verifications on their accuracy and reinforce the importance of PIA case documentation.

The IG report recommended that officials review employee privacy training and assess whether IRS business units meet regulations.

Despite failures, the IRS’ Office of Privacy and Information Protection enhanced its privacy program in the past two years, according to the IG. Officials chaired a working group to review the issues and created an online privacy-training segment on its Web site.

The privacy office director is responsible for administering the privacy program. Its mission is to ensure that policies and programs incorporate taxpayer and employee privacy requirements and that sensitive information remains protected, secure and private.

National Treasury Employees Union President Colleen Kelley said in a statement that the report emphasizes her belief that the IRS should not turn over taxpayer records to private collection agencies.

“The IRS should be required to get its own house in order and not only meet, but exceed, the privacy standards," she said. "Instead, the IRS is outsourcing the sensitive and private financial information of American taxpayers to private debt collectors, increasing the risk of security breaches exponentially.”

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.