Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
IRS Fails to notify taxpayers when their personal information is disclosed

IRS Fails to notify taxpayers when their personal information is disclosed

Ratings: (0)|Views: 7|Likes:
Treasury Inspector General Report

http://www.treasury.gov/tigta/auditreports/2011reports/201140054fr.pdf
Treasury Inspector General Report

http://www.treasury.gov/tigta/auditreports/2011reports/201140054fr.pdf

More info:

Published by: Bad Government Review on Jul 19, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

07/19/2011

pdf

text

original

 
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION 
Phone Number | 202-622-6500 Email Address TIGTACommunications@tigta.treas.gov  Web Site | http://www.tigta.gov 
Some Taxpayers Were Not Appropriately Notified When Their Personally Identifiable Information Was Inadvertently Disclosed 
May 24, 2011Reference Number: 2011-40-054
This report has cleared the Treasury Inspector General for Tax Administration disclosure review processand information determined to be restricted from public release has been redacted from this document.
Redaction Legend
:1 = Tax Return/Return Information
 
HIGHLIGHTS 
 SOME TAXPAYERS WERE NOTAPPROPRIATELY NOTIFIED WHENTHEIR PERSONALLY IDENTIFIABLEINFORMATION WAS INADVERTENTLYDISCLOSED
Highlights
 
Final Report issued on May 24, 2011
Highlights of Reference Number: 2011-40-054to the Internal Revenue Service DeputyCommissioner for Operations Support.
IMPACT ON TAXPAYERS
Taxpayers need to be assured that the InternalRevenue Service (IRS) will promptly notify themof inadvertent disclosures of their PersonallyIdentifiable Information so they can take thenecessary steps to protect themselves fromidentity theft or other harm. The IRS has manyprocesses and regulations that protect taxpayerinformation, but there are times when taxpayerinformation is inadvertently disclosed.
WHY TIGTA DID THE AUDIT
More than 142 million taxpayers entrust the IRSwith sensitive financial and personal data. Theobjective of this audit was to determine whetherthe IRS is making appropriate decisions topromptly and properly notify taxpayers ofinadvertent disclosures of their tax information.
WHAT TIGTA FOUND
TIGTA reviewed a statistical sample of 98 casefiles of incidents reported as inadvertentdisclosures in Fiscal Years 2009 and 2010 andfound not all taxpayers were properly and/ortimely notified of disclosures.
Five (5 percent) of 98 incidents were closedand taxpayers were not properly notified ofthe disclosures because IRS employeesreporting the disclosures did not documentthe identity of the individuals whosePersonally Identifiable Information had beendisclosed.
10 (10 percent) of 98 incidents were closedand taxpayers were not properly notified ofthe disclosures because only tax accountinformation was disclosed and IRSprocedures did not include tax accountinformation in its definition of PersonallyIdentifiable Information.
20 (74 percent) of the 27 incidents in the98 incidents sampled that required taxpayernotification were not sent timely. TIGTAconsidered notifications timely if taxpayerswere sent notifications within 45 days of thedate the incident was reported to oridentified by the IRS. The notification lettersin the sample averaged 86 days.In addition, TIGTA reconciliations performedon the four systems the IRS uses to capturedisclosure incident-related informationidentified 815 missing incidents.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the IRS 1) educateemployees on the importance of obtainingsufficient information on individuals whosePersonally Identifiable Information wasdisclosed, 2) revise procedures to include taxaccount information in the Personally IdentifiableInformation definition and to forward disclosureincidents to the IRS’s Identity Theft Program forvictims of identity theft, 3) implement atimeliness measure, and 4) implement sufficientcontrols to ensure that all incidents areaccurately documented and considered.In the response to the report, the IRS agreed tothe recommendations. The IRS hasimplemented a protection campaign to educateemployees on data protection and plans to studywhether tax account information should beincluded in the definition of PersonallyIdentifiable Information. In addition, the IRSplans to strengthen procedures to addressidentity theft and expand current time metrics toinclude the elapsed time between initial incidentreporting and taxpayer notifications date. Itplans to consolidate all systems data for themost serious incidents.
 
DEPARTMENT OF THE TREASURY
WASHINGTON, D.C. 20220
 
TREASURY INSPECTOR GENERALFOR TAX ADMINISTRATION
May 24, 2011
MEMORANDUM FOR
 
DEPUTY COMMISSIONER FOR OPERATIONS SUPPORT
FROM:
 
Michael R. PhillipsDeputy Inspector General for Audit
SUBJECT:
 
Final Audit Report – Some Taxpayers Were Not AppropriatelyNotified When Their Personally Identifiable Information WasInadvertently
 
Disclosed (Audit # 201040050)This report presents the results of our review to determine whether the Internal Revenue Serviceis making appropriate decisions to promptly and properly notify taxpayers of inadvertentdisclosures of their tax information. This audit is included in our Fiscal Year 2011 Annual AuditPlan and addresses the major management challenge of Taxpayer Protection and Rights.Management’s complete response to the draft report is included as Appendix VII.Copies of this report are also being sent to the Internal Revenue Service managers affected by thereport recommendations. Please contact me at (202) 622-6510 if you have questions orMichael E. McKenney, Assistant Inspector General for Audit (Returns Processing and AccountServices), at (202) 622-5916.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->