Search This Blog

Friday, January 9, 2009

Rethinking Compliance Rules - IRC Section 7216

In 2008, the IRS issued revised regulations under IRC Section 7216, Disclosure or Use of Information by Preparers of Returns. The original regulations had been written decades earlier when electronic transfers of information were not commonplace. This provision imposes a criminal penalty (misdemeanor) of up to $1,000 fine and/or up to one year in prison. The goal is to protect taxpayers from improper disclosure or use of their tax return information. Some types of disclosure and use are permissible, others require advance, specific consent from the taxpayer. For individual taxpayers, that consent must be on a form that has required language and a required paper and font size.

Unfortunately, the revised regulations raise a lot of questions that are making it difficult for return preparers to feel confident they are operating within the rules. For example, it is not entirely clear if a consent or use form signed by the taxpayer is required before a preparer can use return information for advising a client of tax planning opportunities or even mail them a firm newsletter that has tax updates in it, but also describes a variety of services the CPA firm offers.

Is this the way to move the tax system into the 21st century where electronic storage and transmission of sensitive taxpayer information is the norm? What is the balance between what individuals must do on their own to protect their information versus what others must do? How proscriptive does the paperwork need to be to ensure that taxpayer information is protected?

Why not have the client and return preparer agree among themselves as to how the preparer will protect client information and the preparer tell the client all that he will do with the information. That can all be part of an engagement letter. Many return preparers are already subject to professional rules of conduct that include protecting confidential information.

The required consent to use or disclose form specified by the IRS must include the following statement:

"If you believe your tax return information has been disclosed or used improperly in a manner unauthorized by law or without your permission, you may contact the Treasury Inspector General for Tax Administration (TIGTA) by telephone at 1-800-366-4484, or by email at"

So, clients of compliant preparers will get this information (if a consent form is deemed needed), but how will others know? What is the role of the IRS in educating all taxpayers about protecting their confidential tax return information?

Also, Section 7216 (and its civil companion, Section 6713) only apply to federal income tax returns - not to other types of federal tax returns (and perhaps not to all state returns; you'd need to check the law in each state). So, is this enough protection?

I think this is a good example of another way we need to rethink old rules for a new era. Let's discuss what the government's role should be in protecting individuals and businesses from "improper" use or disclosure of their tax return information versus what the role and responsibility of the owner of that information is. What should children be learning in K-12 that will help them protect their confidential data in the Internet and wireless communication era? Also, what is the point of issuing overly complex, detailed rules that leave the intended users (preparers) with questions and uncertainty? Could the regulations instead just have clearly stated the purpose and left the form of compliance to preparers (the penalty aspect is the incentive to comply).

I have a short article (see link below) with more on these provisions and links to the regulations and format of the consent required for individual taxpayers. Below is a link to an AICPA website with additional information.
What do you think?


Anonymous said...

Professor Nellen, this is an excellent post. I couldn't agree more that the IRC moves are misaligned with the practical realities of doing business in this decade (much less moving forward) and that interpretation being so difficult is entirely to the practitioner's detriment. CPAs that I know are 100% dedicated to compliance as part of their professional responsibilities, but are pained (and frustrated) with lack of assurance as to which steps they need to take to do so. Why must regulatory bodies make everything SO complicated!

As an aside, I hadn't seen your blog previously and now I have added it to the faculty section of my Accounting Blog List (at

Best wishes and I'll look forward to reading you going forward!

Professor Nellen said...

The AICPA has provided a 8 minute video by Tom Oshsenschlager, AICPA VP Tax. You can find it at (2/09):