TIN Masking Subgroup Report (2007 IRPAC Report)
In an effort to combat the rising problem of Identity Theft, the ultimate recommendation is to have the recipient's taxpayer identification number (TIN), masked on all information returns that are sent to the payee. (i.e. Forms 1099 and W-2). The full TIN would still appear on the government copy of the forms. This would be a proactive measure towards aiding privacy and thwarting identity theft efforts. IRPAC believes this proposal will satisfy all purposes of information reporting with no harm and will greatly benefit the taxpayers by reducing the likelihood of identity theft.
II. ISSUES AND RECOMMENDATIONS
At the April 2007 IRPAC meeting, the TIN Masking Subgroup met with Barbra Symonds, Director, Office of Privacy and Information Protection, to discuss the concept of TIN masking on payee information returns. We discussed the issues identified by the Subgroup (listed below) at this meeting. Ms. Symonds confirmed that the IRS is also concerned with privacy and identity theft issues and that the initiative of TIN masking is worth exploring. The Service is currently looking into removing employee TINs from all internal documents, a project which conveniently coincides with this subgroup’s objectives. Additionally, Ms. Symonds suggested to the subgroup that we explore a wide range of possible solutions. She suggested we contact Chief Counsel to see whether tax statutes or regulations would need to be changed to allow for TINs to be masked.
At the June 2007 IRPAC meeting, Zaida Candelario, Lead Analyst, Privacy and UNAX, Office of Privacy gave a presentation to IRPAC about what is currently being done within the Service to address identity theft and privacy issues. She stated that the Office of Management and Budget is asking agencies to conduct an SSN study as a first step. These studies would produce an inventory list of all forms, documents, and letters generated from within the Service that include an SSN. This study was mentioned in a subgroup meeting, also conducted at the June IRPAC meeting, in which both Barbra Symonds and Nancy Rose, Office of Chief Counsel, attended. Ms. Rose mentioned a few important items at this meeting:
1. Many states are already enacting prohibitions against the use of SSNs on documents.
a. Most privacy concerns are directed toward individuals rather than businesses.
b. Internal Revenue Code section 6109 requires the use of an identifying number on Form 1099 information returns. The SSN is deemed to be that identifying number for individuals.
c. Internal Revenue Code section 6051(a) (2) states that a Form W-2 requires the inclusion of an SSN. This statutory provision could be a significant hurdle to overcome for recipient copies of Form W-2.
d. Forms 1099 and other information returns may be easier to change, although any change to using an identifying number would require Treasury or Congress to change or expand the definition of the identifying number.
e. An incomplete SSN on the tax statement could create uncertainty for the payee.
The Subgroup recommends the IRS continue to study the concept of masking TINs on information returns.
The following additional items were also discussed by the Subgroup prior to meeting with IRS personnel:
a. If the TIN is masked on the statements received by recipients, how will recipients know if the payer entered their TIN into the payers’ systems accurately? Possible Form 1040 issues – some tax filers may put xxx-xx-1234 on their tax returns, as an example.
b. Need to determine costs to the payer to do this (i.e. internal programming changes, vendor application changes, etc.)
c. Is this something the IRS wants to consider?
i. Can the IRS mandate TIN masking?
ii. Would this be optional with the decision made by each payer?
d. Would B Notice and Penalty Processing be impacted?
i. The IRS would continue to receive the entire TIN from payer files and would continue to include the entire TIN in files sent back to payers (Notices CP2100 and 972CG).
ii. Payers would still be required to complete proper B Notice solicitations. However, due to the nature of the solicitation, the payer’s mailing would have to continue to include full TIN. Is this a impediment to what we are trying to accomplish?
e. For those who file their Form 1040 return on paper (as well as their state tax return), a copy of any Form W-2 is required to be sent with the return. If the TIN is masked, what impact will that have from an IRS/State processing perspective?
f. The Subgroup discussed the concept of using a ‘check digit’ in conjunction with the last 4 digits of the SSN.
g. The Subgroup must learn what measures or projects, if any, are currently underway by the IRS and Treasury and who is responsible.
Benefit to Payers
Masking TINs on information returns sent to taxpayers will support the payers’ interests in data security
Benefit to IRS
Masking TINs on information returns sent to taxpayers will support the IRS interests in data security, identity theft and privacy.
Benefit to Taxpayers
Taxpayer privacy and information security are greatly improved by better protection for mailed taxpayer data.
Nancy Rose, Chief Counsel has assured IRPAC that the IRS and Treasury are considering and discussing this issue and continue to keep abreast of proposed legislation.
Barbra Symonds, Director Office of Privacy and Information Protection stated that the IRS scheduled an internal identify theft summit this fall and recommended IRPAC to follow up with her once that takes place. Ms. Symonds agreed with the subgroup that prior to sending out a proposed notice for comment, it would be best to seek feedback from other payers. She also made it clear that tax fraud was not the primary reason for identity theft. The leading cause of identify theft is to obtain fraudulent passports and is accomplished by mail theft or dumpster diving. Clearly, information returns mailed to recipients are an easy target for mail theft because they contain all the necessary information about a person: legal name, address, SSN and the mailing envelope reads "Important Tax Information Enclosed" so it is easy to identify.
Additionally, Ms. Symonds stated that the Federal Trade Commission (FTC) is the government's ID Theft Clearinghouse.