The IRS again fails to protect taxpayer information
The Internal Revenue Service has long been authorized to settle tax debts for less than the full amount owed under certain limited circumstances when doing so would serve the best interests of the government and the taxpayer. The process begins with the taxpayer submitting an Offer in Compromise (OIC), which the IRS may or may not accept.
The early 1950s was an era of extraordinarily high income tax rates. Not surprisingly, there were tax evasion scandals during that period. Evaders included Denis W. Delaney, who, as collector of internal revenue for Massachusetts, abused his authority by taking bribes to compromise tax debts. When the Delaney scandal broke in 1952, President Harry S. Truman issued Executive Order 10386, opening to public inspection OICs that are accepted by the IRS (with sensitive personal information redacted). The Tax Reform Act of 1976 codified the terms of the executive order in Section 6103(k)(1) of the Internal Revenue Code.
On 12 April 2016, the Treasury Inspector General for Tax Administration (TIGTA) released its 28 March 2016 Letter Report describing the IRS's failure to effectively sanitize personal information such as Social Security numbers from OICs availed for public inspection. This includes inadequate ballpoint pen cross-outs of the information where the Social Security number is still discernible. The damage on account of such missteps was apparently minimal, inasmuch as the OICs are paper copies that must be inspected in person; inspection access requires an advance appointment; and, consequently, few individuals had exercised their right to make such an inspection.
The IRS has been on notice since at least as far back as 1979 that identity theft is a problem warranting its serious attention. This author and others have expounded at length in these pages, quite profusely, on the IRS's continuing failure to adequately protect the identities of taxpayers who necessarily entrust personal information to it.
On 12 April 2016, the same day the TIGTA Letter Report was released, the Senate Finance Committee held a hearing on "Cybersecurity and Protecting Taxpayer Information," at which there was extensive testimony regarding how the various processes in place as the IRS do or do not effectively counter identity theft.
The "no harm, no foul" tone of the TIGTA Letter Report should be of scant comfort because processes, policies, and procedures alone will not protect sensitive taxpayer data entrusted to the IRS. No less important is an organizational culture of information security and sound data stewardship. The Letter Report betrays an IRS culture severely wanting in such concerns.
Building information security and sound data stewardship into the IRS internal culture is vital under any circumstance; it is all the more salient when the tax system is a critical part of non-taxation functions such as distributing alms to the needy or providing health care to the populace.
Kenneth H. Ryesky is a lawyer who has taught business law and taxation at Queens College CUNY. He formerly served as an attorney for the IRS.