Search This Blog

Monday, May 25, 2009

Protecting Taxpayer Information - Greater Focus Needed on IRS Rather than Preparers

Both the IRS and tax return preparers have access to sensitive taxpayer data that is prone to theft or misuse. A recent report by the Treasury Inspector General for Tax Administration (TIGTA) - Increased Management Oversight of the Sensitive but Unclassified Waste Disposal Process Is Needed to Prevent Inadvertent Disclosure of Personally Identifiable Information (5/9/09) found that some taxpayer sensitive data in the hands of the IRS was not properly disposed of. For example, the report notes: "At every location we visited, we found documents containing PII [personally identifiable information] or other SBU [sensitive but unclassified] information in regular waste containers and/or dumpsters." It found that while most contractors disposing of waste met National Association for Information Destruction, Inc. certification standards, the background checks on employees did not meet IRS standards. TIGTA also found that in two locations, cleaning staff were found "without either proper identification or an escort."

TIGTA made various recommendations to the IRS that the IRS agreed with.

A few months ago, I blogged about the seemingly overkill with the recently reissued regulations under Section 7216 on disclosure and use of taxpayer information by income tax return preparers. The regulations are complex leading to innocent violations by preparers with a harsh misdemeanor penalty. The regulations should have instead provided key principles to be followed to guide protection of taxpayer/client information.

The client-preparer relationship should be less of a security concern that that of the IRS and taxpayers. Clients can easily (and should) take responsibility to ask questions of their preparers to be sure their data is secure. Greater attention should be paid by the IRS instead on what it must do to protect taxpayer data that taxpayers MUST provide to it without the opportunity to query them on their data protection processes.

Moving tax systems into the 21st century will require high security approaches by the IRS and greater proactiveness by individuals to protect their sensitive data - something they can easily do with their paid preparer, but not so easily with the IRS. Thus, greater attention needs to be paid to IRS practices and security rather than preparer practices.

What do you think?

No comments: