Paul L. Caron

Thursday, August 14, 2014

TIGTA: IRS Puts Confidential Taxpayer Information at Risk By Giving It to Contractors Without Required Background Checks

TIGTA The Treasury Inspector General for Tax Administration today released Some Contractor Personnel Without Background Investigations Had Access to Taxpayer Data and Other Sensitive Information (2014-10-037):

IRS policy requires contractor personnel to have a background investigation if they will have or require access to Sensitive But Unclassified (SBU) information, including taxpayer information. Allowing contractor personnel access to taxpayer and other SBU information without the appropriate background investigation exposes taxpayers to increased risk of fraud and identity theft.

Taxpayer and other SBU information may be at risk due to a lack of background investigation requirements in five contracts for courier, printing, document recovery, and sign language interpreter services. For example, in one printing services contract, the IRS provided the contractor a compact disk containing 1.4 million taxpayer names, addresses, and Social Security Numbers; however, none of the contractor personnel who worked on this contract were subject to a background investigation. In addition, TIGTA found 12 contracts for which IRS program and procurement office staff correctly determined that contractor personnel required background investigations because they would have access to SBU information; however, some contractor personnel did not have interim access approval or final background investigations before they began working on the contracts. Further, TIGTA identified 20 contracts for which either some or all contractor personnel did not sign nondisclosure agreements. In June 2013, after the period covered by our audit, the IRS issued more explicit guidance requiring the execution of nondisclosure agreements.

Gov't Reports, IRS News, Tax | Permalink


Given the last five years of IRS admissions of inadequate routines to address rampant identity theft in tax filing the only conclusion one can draw here is that IRS leadership is totally aware of, unwilling and willfully negligent in mitigating these security risks.

If this were the private sector, heads would roll and leadership would be changed- if not outright indicted for their breach of responsibility.

How many American financial identities must be sacrificed to criminals before the IRS is held responsible?

Posted by: L. Z. | Aug 14, 2014 3:46:48 PM