IRS SECURITY OF TAXPAYER INFORMATION, CHARACTERISTICS OF EMPLOYEE UNAUTHORIZED ACCESS AND DISCLOSURE CASES:
A recent Government Accountability Office (GAO) investigation found that when it comes to safeguarding taxpayer data, the Internal Revenue Service's security has some holes.
Notably, over the last 10 fiscal years, more than a quarter of the tax agency's internal taxpayer data breach instances involved employees intentionally snooping on filers' information.
The details are in the report GAO-22-105872, entitled "IRS Security of Taxpayer Information: Characteristics of Employee Unauthorized Access and Disclosure Cases" that was released on May 19.
Unauthorized access can either be considered inadvertent, such as when an IRS employee accidentally enters an incorrect taxpayer identification number and gets into an account other than the one being worked.
However, willful unauthorized access is just what its name says. It's the intentional access, attempted access, or inspection of tax returns or return information without a valid IRS processing or examination reason.
GAO investigators found that between fiscal years 2012 and 2021, the IRS completed 1,694 investigations into the willful unauthorized access, referred to as UNAX, of tax data by employees. Twenty-seven percent of those incidents were substantiated as misconduct, according to the report.
To deter UNAX violations, IRS rules say spying staffers could be fired, as well as possibly face criminal and civil penalties. In most of the violations discovered by the GAO, the offending employees were suspended, resigned, or removed.
Those figures are negligible when you consider that for the last couple of filing seasons more than 169 million people a have submitted returns. That includes more than 14 million new filers who provided the IRS with personal data in order to collect COVID-19 economic relief payments and advance enhanced Child Tax Credit amounts.
But when it comes to taxes, every number is crucial. Unauthorized access, and particularly willful UNAX, should be zero.
First, there are the ramifications of what could happen if the info gets into criminal hands.
Taxpayers accept that in the general course of conducting business, IRS employees must access our confidential information. This includes such things as our (and our spouse's and dependents') Social Security numbers, along with income information (both amounts and sources).
However, if that data is accessed by IRS personnel for nefarious reasons, the tax filing victims could end up dealing with the unwelcome consequences of identity theft.
The IRS depends on citizen confidence that the personal and financial information it's tasked with collecting each year is properly safeguarded from all threats, both in and outside IRS offices.
If the IRS is unable to do that, particularly in connection with staff access to taxpayer accounts, those breaches could adversely affect voluntary taxpayer compliance, the hallmark of the U.S. tax system.
A recent leak of IRS data was the impetus for the GAO investigation. The investigative website ProPublica obtained tax data on wealthy individuals, which it used in a report on the amount of taxes those individuals paid.
The tax data of every single U.S. taxpayer is private. That's law. And that means every taxpayer's IRS account deserves the same strict and secure safeguards.
