Internal Revenue Bulletin:  2008-29 

July 21, 2008 

T.D. 9409

Amendments to the Section 7216 Regulations—Disclosure or Use of Information by Preparers of Returns


DEPARTMENT OF THE TREASURY
Internal Revenue Service
26 CFR Part 301

AGENCY:

Internal Revenue Service (IRS), Treasury.

ACTION:

Final and temporary regulations.

SUMMARY:

This document contains final and temporary regulations that provide rules relating to the disclosure and use of tax return information by tax return preparers. These regulations provide updated guidance regarding the disclosure of a taxpayer’s social security number to a tax return preparer located outside of the United States. The text of these regulations also serves as the text of the proposed regulations (REG-121698-08) set forth in the notice of proposed rulemaking on this subject in this issue of the Bulletin.

DATES:

Effective Date: These regulations are effective on July 2, 2008.

Applicability Date: See §301.7216-3T(d).

FOR FURTHER INFORMATION CONTACT:

Lawrence E. Mack, (202) 622-4940 (not a toll-free number).

SUPPLEMENTARY INFORMATION:

Background

This document amends 26 CFR part 301 to provide modified rules relating to the ability of a tax return preparer located within the United States to disclose a taxpayer’s social security number constituting tax return information with the taxpayer’s consent to a tax return preparer located outside of the United States. In the accompanying and cross-referenced notice of proposed rulemaking, the Treasury Department and IRS request comments on the proposed rule from all interested persons.

On December 8, 2005, the Treasury Department and IRS published a notice of proposed rulemaking (REG-137243-02, 2006-1 C.B. 317) in the Federal Register (70 FR 72954) proposing amendments to the regulations under section 7216 (regarding the use or disclosure of tax return information by income tax return preparers). On January 3, 2008, the Treasury Department and IRS issued final regulations under section 7216 (T.D. 9375, 2008-5 I.R.B. 344) applicable to disclosures or uses of tax return information occurring on or after January 1, 2009. Thus, T.D. 9375 replaces previously issued final regulations that remain applicable to disclosures or uses of tax return information occurring prior to January 1, 2009.

T.D. 9375 included the revision of §301.7216-3(b)(4), which, for disclosures and uses of tax return information occurring on or after January 1, 2009, provides that an income tax return preparer located in the United States may not disclose the taxpayer’s social security number (SSN) to a tax return preparer located outside of the United States even if the taxpayer consents to the disclosure. These temporary regulations modify the rules under §301.7216-3(b)(4).

Explanation of Provisions

The Treasury Department and IRS are amending the regulations under section 7216 applicable to disclosures and uses of tax return information occurring on or after January 1, 2009, to provide a limited exception to the general rule that an income tax return preparer located in the United States may not disclose a taxpayer’s SSN to a tax return preparer located outside of the United States. Section 301.7216-3(b)(4) provides that a tax return preparer located within the United States, including any territory or possession of the United States, may not obtain consent to disclose a taxpayer’s SSN to a tax return preparer located outside of the United States or any territory or possession of the United States. Thus, with one exception, if a tax return preparer located within the United States obtains consent from a taxpayer to disclose tax return information to another tax return preparer located outside of the United States, as provided under §§301.7216-3(a)(3)(i)(D), 301.7216-2(c)(2) and 301.7216-2(d), the tax return preparer located in the United States may not disclose the taxpayer’s SSN, and must redact or otherwise mask the taxpayer’s SSN before the tax return information is disclosed outside of the United States. The exception is limited to the circumstance in which a tax return preparer located inside the United States initially receives the SSN from a tax return preparer located outside the United States and the preparer within the United States retransmits the SSN to the preparer that provided the SSN. When a taxpayer-client requests that a tax return preparer within the United States transfer the return preparation engagement to a tax return preparer located outside the United States, the preparer still must redact or otherwise mask the taxpayer’s SSN before the information is disclosed and, in this situation, it will be incumbent upon the taxpayer to provide the SSN directly to the tax return preparer located abroad.

The revisions containing the SSN disclosure prohibition in §301.7216-3(b)(4) were explained in the preamble to the final regulations. The regulation was adopted in light of factors including: 1) the fact that it is not necessary for tax return preparers to disclose certain taxpayer identifying information to other tax return preparers who are assisting them in preparing a return; 2) the important role an SSN plays in the tax administration process, and the heightened potential for misuse when an SSN is readily associated with confidential information, such as tax return information; and 3) the heightened concern about the theft of taxpayer identifying information resulting from disclosures outside the United States.

Upon further consideration, the Treasury Department and IRS have concluded that §301.7216-3(b)(4) can be amended to provide flexibility to allow a tax return preparer within the United States to disclose an SSN with the taxpayer’s consent to a tax return preparer located outside of the United States if both tax return preparers have sufficient data security programs and procedures in operation to protect such important confidential information from misuse or unauthorized access or disclosure. These measures will significantly reduce the security risks associated with the disclosure of this information outside of the United States. Although SSN security is the primary focus of these regulations, the flexibility provided by these regulations will enable qualified tax return preparers to address situations in which there is a need for a tax return preparer in the United States to disclose an SSN to a tax return preparer located outside of the United States, as appropriate under the circumstances. This includes, but is not limited to, situations in which the tax return preparer located outside of the United States is a signing tax return preparer or requires an unredacted SSN to file a return on behalf of a taxpayer, the tax return preparer located outside the United States may need a copy of the entire return, including the taxpayer’s SSN (for example, to assist an expatriated U.S. taxpayer secure treaty benefits from the relevant foreign government), or the taxpayer prefers that the tax return preparer located within the United States disclose the taxpayer’s SSN to the tax return preparer located outside the United States (for example, because the taxpayer concludes that the data security protection provided by the tax return preparer in the United States and the tax return preparer located outside of the United States is sound).

In light of these considerations, the Treasury Department and IRS, pursuant to these temporary regulations, amend the regulations contained in T.D. 9375 (applicable to disclosures and uses of tax return information on or after January 1, 2009) to include an exception to §301.7216-3(b)(4). The exception in §301.7216-3T(b)(4)(ii) provides that a tax return preparer located within the United States, including any territory or possession of the United States, may obtain consent to disclose the taxpayer’s SSN to a tax return preparer located outside of the United States or any territory or possession of the United States if the tax return preparer discloses the SSN through the use of an “adequate data protection safeguard” as described in guidance published in the Internal Revenue Bulletin and verifies the maintenance of the adequate data protection safeguards in the request for the taxpayer’s consent pursuant to the specifications described in guidance published in the Internal Revenue Bulletin. The exception authorizes only those preparers with an adequate data protection safeguard in operation to request a taxpayer’s consent to disclose an SSN to a preparer located outside the United States that also has an adequate data protection safeguard. The Treasury Department and IRS anticipate that requiring tax return preparers that seek a taxpayer’s consent to disclose an SSN to a tax return preparer located abroad to maintain adequate data security would provide the further benefit of enhancing the level of security of any data transfer, including the data transfer of the taxpayer’s SSN, while providing additional flexibility to address situations in which there is a reason or need to disclose an SSN to a tax return preparer located abroad. Tax return preparers without an adequate data protection safeguard, or those preparers with an adequate data protection safeguard that seek to disclose an SSN to a tax return preparer located abroad that does not have an adequate data protection safeguard, must continue to comply with the general rule in §301.7216-3T(b)(4)(i), and are still required to mask any SSN prior to disclosure to a tax return preparer located outside the United States, or any territory or possession of the United States, even if the taxpayer has consented to disclosure of an SSN.

Revenue Procedure 2008-35, published concurrently with these regulations, provides the relevant guidance regarding the exception in §301.7216-3T(b)(4)(ii) to the general rule requiring SSN masking. Section 4.07 of Revenue Procedure 2008-35 provides guidance regarding the requirements for an adequate data protection safeguard. Pursuant to Section 4.07, an “adequate data protection safeguard” is a data security program, policy and practice that meets or conforms to one of the following privacy or data security frameworks:

(1) The United States Department of Commerce “safe harbor” framework for data protection (or successor program);

(2) A foreign law data protection safeguard that includes a security component, for example, the European Commission’s Directive on Data Protection;

(3) A framework that complies with the requirements of a financial or similar industry-specific standard that is generally accepted as best practices for technology and security related to that industry, for example, the BITS (Financial Services Roundtable) Financial Institution Shared Assessment Program;

(4) The requirements of the AICPA/CICA Privacy Framework;

(5) The requirements of the most recent version of IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies and Entities; or

(6) Any other data security framework that provides the same level of privacy protection as contemplated by one or more of the frameworks described in (1) through (5).

Section 4.04(1)(e)(ii) of Revenue Procedure 2008-35 provides guidance regarding mandatory language that must be included in each request for consent provided to an individual taxpayer by the tax return preparer that seeks consent to disclose an SSN to a return preparer located outside the United States or its territories or possessions. See §601.601(d)(2)(ii)(b).

These regulations clarify that the rule in §301.7216-3T(b)(4) applies only to a tax return preparer’s request for consent to disclose tax return information, including an SSN, from a taxpayer filing a return in the Form 1040 series, for example, Form 1040, Form 1040NR, Form 1040A, or Form 1040EZ. Also, the regulations clarify that a tax return preparer located outside of the United States does not include a tax return preparer who is continuously and regularly employed in the United States or any territory or possession of the United States and who is in a temporary travel status outside of the United States. This clarification is necessary to avoid disruption of the performance of the duties of employees of tax return preparers based in the United States who are on a temporary travel assignment in a location outside of the United States.

The Treasury Department and IRS also conclude that the addition of the exception in §301.7216-3T(b)(4)(ii) appropriately balances concerns regarding safeguarding of sensitive tax return information and identity theft against the tax return preparers’ needs for disclosing SSNs and a taxpayer’s right to control access to his or her SSN. In a separate notice of proposed rulemaking published with these temporary regulations, the Treasury Department and IRS request comments on the proposed rules, as well as the guidance regarding the requirements for an adequate data protection safeguard in Section 4.07 of Revenue Procedure 2008-35.

Special Analyses

It has been determined that this Treasury decision is not a significant regulatory action as defined in Executive Order 12866. Therefore, a regulatory assessment is not required. It also has been determined that section 553(b) of the Administrative Procedure Act (5 U.S.C. chapter 5) does not apply to these regulations because they are interpretive regulations. Because these regulations are necessary to provide tax return preparers and taxpayers with immediate guidance on the application of the section 7216 rules regarding SSN masking requirements, particularly in light of the January 1, 2009 applicability date provided by the recently promulgated section 7216 regulations contained in T.D. 9375, and as these regulations are intended to provide a limited exception to, and relief from, the rule requiring SSN masking in all instances where tax return information is disclosed to a tax return preparer located outside of the United States and its territories and possessions, good cause would otherwise exist for dispensing with notice and public comment pursuant to 5 U.S.C. 553(b) and (c). For applicability of the Regulatory Flexibility Act (5 U.S.C. chapter 6), refer to the Special Analyses section of the preamble to the cross-referenced notice of proposed rulemaking published in this issue of the Bulletin. Pursuant to section 7805(f) of the Internal Revenue Code, these temporary regulations have been submitted to the Chief Counsel for Advocacy of the Small Business Administration for comment on their impact on small business.

Amendments to the Regulations

Accordingly, 26 CFR part 301 is amended as follows:

PART 301—PROCEDURE AND ADMINISTRATION

Paragraph 1. The authority citation for part 301 is amended by adding an entry in numerical order to read as follows:

Authority: 26 U.S.C. 7805 * * *

Section 301.7216-3T also issued under 26 U.S.C. 7216 * * *

Paragraph 2. Section 301.7216-3 is amended by revising paragraph (b)(4) to read as follows:

§301.7216-3 Disclosure or use permitted only with the taxpayer’s consent.

* * * * *

(b) * * *

(4) [Reserved]. For further guidance, see §301.7216-3T(b)(4).

* * * * *

Paragraph 3. Section 301.7216-3T is added to read as follows:

§301.7216-3T Disclosure or use permitted only with the taxpayer’s consent (temporary).

(a) [Reserved]. For further guidance, see §301.7216-3(a).

(b) Timing requirements and limitations—(1) through (3) [Reserved]. For further guidance, see §301.7216-3(b)(1) through (3).

(4) No consent to the disclosure of a taxpayer’s social security number to a return preparer outside of the United States with respect to a taxpayers filing a return in the Form 1040 Series—(i) In general. Except as provided in paragraph (ii), a tax return preparer located within the United States, including any territory or possession of the United States, may not obtain consent to disclose the taxpayer’s social security number (SSN) with respect to taxpayers filing a return in the Form 1040 Series, for example, Form 1040, Form 1040NR, Form 1040A, or Form 1040EZ, to a tax return preparer located outside of the United States or any territory or possession of the United States. Thus, if a tax return preparer located within the United States (including any territory or possession of the United States) obtains consent from an individual taxpayer to disclose tax return information to another tax return preparer located outside of the United States, as provided under §§301.7216-2(c) and 301.7216-2(d), the tax return preparer located in the United States may not disclose the taxpayer’s SSN, and the tax return preparer must redact or otherwise mask the taxpayer’s SSN before the tax return information is disclosed outside of the United States. If a tax return preparer located within the United States initially receives or obtains a taxpayer’s SSN from another tax return preparer located outside of the United States, however, the tax return preparer within the United States may, without consent, retransmit the taxpayer’s SSN to the tax return preparer located outside the United States that initially provided the SSN to the tax return preparer located within the United States. For purposes of this section, a tax return preparer located outside of the United States does not include a tax return preparer who is continuously and regularly employed in the United States or any territory or possession of the United States and who is in a temporary travel status outside of the United States.

(ii) Exception. A tax return preparer located within the United States, including any territory or possession of the United States, may obtain consent to disclose the taxpayer’s SSN to a tax return preparer located outside of the United States or any territory or possession of the United States where the tax return preparer within the United States discloses the SSN to a tax return preparer outside of the United States through the use of an adequate data protection safeguard as defined by the Secretary in guidance published in the Internal Revenue Bulletin (see §601.601(d)(2)(ii)(b) of this chapter) and verifies the maintenance of the adequate data protection safeguards in the request for the taxpayer’s consent pursuant to the specifications described by the Secretary in guidance published in the Internal Revenue Bulletin.

(b)(5) and (c) [Reserved]. For further guidance, see §301.7216-3(b)(5) and (c).

(d) Effective/applicability date. This section applies to disclosures or uses of tax return information occurring on or after January 1, 2009. The applicability of this section expires on July 1, 2011.

Linda E. Stiff,
Deputy Commissioner for
Services and Enforcement.

Approved June 25, 2008.

Eric Solomon,
Assistant Secretary of
the Treasury (Tax Policy).

Note

(Filed by the Office of the Federal Register on July 1, 2008, 8:45 a.m., and published in the issue of the Federal Register for July 2, 2008, 73 F.R. 37910)

Drafting Information

The principal author of these regulations is Lawrence E. Mack, Office of the Associate Chief Counsel (Procedure and Administration).

* * * * *


More Internal Revenue Bulletins