AccessibilitySkip to Top NavigationSkip to Main ContentHome  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  

Part 11. Communications and Liaison

Chapter 3. Disclosure of Official Information

Section 1. Introduction to Disclosure

11.3.1  Introduction to Disclosure

11.3.1.1  (04-04-2008)
Introduction

  1. Each of us in the Internal Revenue Service (IRS), is affected in the performance of our duties by laws governing the degree of confidentiality to be accorded to the records and information we work with. Under these laws we determine what information is confidential, its degree of confidentiality, who may have access to it and for what purposes, and how we must account for any release of confidential Information. Under these laws, we also determine what information must be made public and, if so, whether it must be published, made generally available, or made available only upon request. In addition, these laws restrict the types of personal information we may gather and maintain about individuals, and grant individuals the rights to inspect and amend records about themselves.

  2. These laws are collectively referred to as disclosure laws. They are principally composed of certain sections of the Internal Revenue Code (IRC), (especially IRC §6103, IRC §6104, IRC §6105 , IRC §6110, IRC §7213, IRC §7213A, and IRC §7431, the Freedom of Information Act (5 U.S.C. 552), and the Privacy Act (5 U.S.C. 552a). Disclosure laws balance the competing interests of protection of the public's personal and financial privacy while maintaining open and effective administration of government.

  3. This IRM provides the instructions, guidelines, and procedures necessary to fulfill our obligations under the disclosure laws.

11.3.1.2  (03-07-2008)
Disclosure Research Tools

  1. There are various web-based products available for both Disclosure personnel and IRS employees that are useful in either responding to technical inquiries and in understanding your disclosure requirements.

  2. The tools available to assist Disclosure personnel can be found on the Disclosure web page through the Disclosure Resources web page and are as follows:

    1. The Disclosure Dispatch – a monthly newsletter providing technical and procedural information primarily for use in processing Disclosure casework or in responding to disclosure related technical inquires

    2. The Issue Identification and Resolution System – a process whereby Disclosure and other Governmental Liaison and Disclosure (GLD) personnel can elevate issues related to IRM changes, or identify unique technical issues where no current policy exists. Once guidance is formulated, it is issued either through the IMD process or an all employee notification

    3. Disclosure Alerts - Disclosure Alerts focus on a single issue, expectation, or announcement that requires the immediate attention of Disclosure employees

  3. The tools available to assist other IRS employees in understanding and applying their disclosure responsibilities can also be found on the Disclosure Reference web page at the following link: http://mysbse.web.irs.gov/CLD/GLD/Disclosure/Reference/default.aspx . Some examples of what is available are as follows:

    1. Hot Topics - address frequently asked Disclosure questions on issues of interest to all IRS employees. They are reviewed and updated regularly

    2. Disclosure Resources by Function - Find links to Job Aids, and IRM sections of greatest interest to IRS employees and managers organized by the type of work you do

    3. Disclosure basics – a number of communications that discuss the basics of what all IRS employees need to know about disclosure

    4. Reporting Inadvertent Disclosures – what to do in the event of an inadvertent disclosure of tax or Privacy Act information and the process for completing the required report

11.3.1.3  (03-07-2008)
Requests for Advice or Legal Opinions on Disclosure Matters

  1. The Office of Governmental Liaison and Disclosure GLD) is responsible for the IRS disclosure program. To meet this responsibility, the Office of GLD must be kept informed of the problems and questions that the various IRS functions encounter. Accordingly, requests for advice or legal opinions are to be addressed to the Office of GLD.

  2. The Office of GLD will often be able to respond to such inquiries directly since many of the questions raised are either procedural in nature or involve legal issues which have already been addressed by the Office of Associate Chief Counsel (Procedure and Administration). Disclosure officials needing assistance on technical disclosure matters should seek assistance, through appropriate channels, from the Office of the Chief Disclosure.

  3. Staff of the Office of GLD and Chief Disclosure will refer issues that require legal advice to the Office of Associate Chief Counsel (Procedure and Administration) using agreed upon procedures and will provide guidance to the requester after receiving advice from Counsel.

11.3.1.4  (03-07-2008)
Safeguarding and Disposing of Tax Returns, Return Information and Other Confidential Records

  1. In administering Federal tax laws, the IRS receives, collects, and maintains vast amounts of information protected by law. The Internal Revenue Code prohibits unauthorized disclosure of tax returns and return information. The United States Code Title 18, Section 1905 (18 U.S.C. 1905), prohibits unauthorized disclosure of certain types of confidential financial and commercial information. The Privacy Act, 5 U.S.C. 552a, prohibits unauthorized disclosure of information from systems of records pertaining to individuals. Each of these statutes provides criminal and/or civil sanctions for unauthorized disclosure of protected information.

  2. All IRS officials and employees must be aware of information that must be protected, how to protect it, and how to dispose of or destroy the information when it is no longer required. Proper destruction of protected records is an especially important step in preventing unauthorized disclosures that could occur when protected records are merely discarded.

  3. IRM 1.15.2, Types of Records and their Life Cycles, and IRM 1.16.1, Physical Security Program, provide specific guidelines and procedures for safeguarding and disposing of protected records.

11.3.1.5  (03-07-2008)
Unauthorized Access and Disclosures of Returns or Return Information

  1. An unauthorized access or disclosure is willful when it is done voluntarily and intentionally with full knowledge that it is wrong.

11.3.1.5.1  (03-07-2008)
Criminal Penalties Under IRC §7213

  1. IRC §7213 makes the willful unauthorized disclosure of a return or return information a felony punishable by a fine of up to $5,000, or imprisonment of not more than 5 years, or both, together with the costs of prosecution.

  2. Upon conviction, officers or employees of the United States will also be dismissed from office or discharged from employment.

    Note:

    IRC §7213 also covers willful disclosures of software source code data protected by IRC §7612.

11.3.1.5.2  (05-24-2005)
Criminal Penalties Under IRC §7213A

  1. IRC §7213A makes unauthorized access to returns or return information a misdemeanor punishable by a fine of up to $1,000.00 or imprisonment of not more than one year, or both, together with the costs of prosecution. Upon conviction, officers or employees of the United States will also be dismissed from office or discharged from employment.

11.3.1.5.3  (05-24-2005)
Criminal Penalties Under IRC §7217

  1. IRC §7217 prohibits Executive Branch influence over taxpayer audits and other investigations.

  2. IRC §7217 applies to:

    • the President

    • any employee of the Executive Office of the President

    • the Vice President

    • any employee of the Executive Office of the Vice President and

    • any person (other than the Attorney General of the United States) serving in a position specified in 5 U.S.C. 5312 (generally, cabinet positions)

  3. It is unlawful for any person described in (2) above to request, directly or indirectly, any officer or employee of the IRS to conduct or terminate any audit or other investigation of any particular taxpayer with respect to the tax liability of such taxpayer.

    Exception:

    Requests for information accompanied with a consent pursuant to IRC §6103(c) do not fall under IRC §7217.

  4. Willful violation of IRC §7217 is punishable, upon conviction, by a fine in any amount not exceeding $5,000 or imprisonment of not more than 5 years, or both, together with the costs of prosecution.

  5. IRC §7217 requires that any officer or employee of the IRS receiving any request prohibited by IRC §7217 shall report the receipt of such request to the Treasury Inspector General for Tax Administration (TIGTA). Failure to do so is a felony subject to the sanctions in (4) above.

11.3.1.5.4  (05-24-2005)
Civil Liability Under IRC §7431

  1. In addition to the criminal penalties imposed by IRC §7213 and IRC §7213A, Congress established a civil remedy for any taxpayer whose return or return information is unlawfully inspected or disclosed.

  2. IRC §7431 provides that where a Federal officer or employee knowingly or negligently inspects or discloses a taxpayer's return or return information in violation of IRC §6103, the taxpayer may bring a civil action for damages against the United States.

  3. Non-Federal employees may be sued personally for damages under IRC §7431, if they violate IRC §6103.

  4. No liability shall arise under IRC §7431 where the disclosure was the result of a good faith, but erroneous, interpretation of IRC §6103, or was requested by the taxpayer.

11.3.1.6  (03-07-2008)
Reporting Unauthorized Accesses or Disclosures

  1. For a complete discussion of the rules concerning unauthorized accesses or disclosures of confidential tax information, see IRM 11.3.38, Reporting Unauthorized Accesses or Disclosures.

  2. Indications of willful (voluntarily and intentional with full knowledge of wrongdoing) unauthorized accesses or disclosures of returns or return information must be reported to TIGTA. Field employees should report these matters to the local TIGTA office. Washington, D.C., metro area employees should report these matters to TIGTA's main office.

  3. Unauthorized disclosures where no willfulness is involved, and as described in IRM 11.3.38, are not willful and are therefore excepted from the above TIGTA reporting procedures. Employees must report violations of this nature directly to their immediate supervisors who, in turn, are to report them to the local Disclosure Manager. Form 10848, Report of Inadvertent Disclosure of Tax And Privacy Act Information, is used for this purpose.

    Note:

    Mail sent to an address of record but opened by a third party is not an unauthorized disclosure. Disclosures resulting from machine malfunctions, such as mail stuffing errors, are not required to be reported on Form 10848. Nonetheless, these disclosures should be brought to the attention of the reporting employee’s immediate supervisor who should take appropriate action to address the issue. Reports of loss or theft of government property including laptop computers are to be reported in accordance with the guidance issued by Modernization and Information Technology Services found at: http://www.csirc.web.irs.gov/about/contact.html. They are not to be reported to Disclosure.

  4. Generally employees commit inadvertent disclosure errors once (e.g., because of a misunderstanding of rules or procedures), and no further corrective action is necessary once the matter is discussed with the employee. Occasionally errors are repeated by the same employee or are serious enough even in one incident to warrant corrective action. When a manager thinks additional corrective action is necessary, he or she should consult the Labor Relations staff to determine if conduct or performance action is appropriate. The manager should still complete a Report of Inadvertent Disclosure of Tax and Privacy Act Information form and send part II to Disclosure. Disclosure can advise the manager and Labor Relations about the technical aspects of the disclosure, but not the appropriateness of any conduct or performance action. Again, if the manager believes an unauthorized disclosure is willful or deliberate, he or she should report it to TIGTA rather than to Disclosure and Labor Relations.

11.3.1.7  (04-04-2008)
Notice to Recipients of Returns or Return Information

  1. Generally, persons or agencies to whom IRS directly discloses returns or return information pursuant to IRC §6103 shall be informed in writing of the applicable criminal and civil sanctions for unauthorized inspections or disclosures as provided by IRC §7213, IRC §7213A, and IRC §7431. This may be accomplished by the use of Notice 129 ( See Exhibit 11.3.1-1 wherever possible. If the use of Notice 129 is not practical, insert text equivalent to Notice 129 in the response or transmittal letter to the requester.

  2. Notice 129 (as revised) should be affixed to each magnetic media provided. ( See Exhibit 11.3.1-2). With the migration to a secure electronic transmittal of this information, the Notice 129A cannot currently be embedded in the electronic control file. Agencies receiving in these transmittals have been previously notified of the content of the Notice 129A and are subject to on-going safeguard reviews that verify the agencies, compliance with the disclosure laws and statutes discussed in the Notice.

  3. Notices are not necessary for disclosures under IRC §6103(h)(1) IRC §6103(h)(6), IRC §6103(k)(6) , or to Congressional committees.

  4. Some recipients of returns or return information who are covered by IRC §6103(a) do not receive the information directly from the IRS. Instead they receive the information from other Federal agencies who have the authority to make a re-disclosure (e.g., IRC §6103(I)(6) or IRC §6103(I)(10) disclosures to state or local child support enforcement agencies that receive information through the Health and Human Services Office of Child Support Enforcement, or IRC §6103(I)(12) disclosures to employees and officers of qualified employers or groups health plans from Centers for Medicare & Medicaid Services). The IRS will not be able to provide notices to these recipients. Instead, the IRS in its initial dealings with the recipient agency and in its written agreements, includes cautions for dissemination of confidential tax information.

11.3.1.8  (05-24-2005)
Authority to Make Disclosures

  1. The latest revision of Delegation Order 11-2, Authority to Permit Disclosure of Tax Information and to Permit Testimony or the Production of Documents, should be used to determine proper delegated authority. In addition, local or function specific re-delegations of 11-2 authority should be consulted.

  2. Delegation of authority to respond to Freedom of Information Act and Privacy Act requests is issued by the Director, Office of GLD.

11.3.1.9  (03-07-2008)
Records Disposition For Disclosure

  1. Records and files, created or maintained in the administration and execution of the disclosure program, must be disposed of in accordance with applicable legal and administrative requirements. See IRM 11.3.1.14 for information on IRS-wide records management issues.

  2. Records or files must never be destroyed while they are the subject of a pending request, appeal, or lawsuit under 5 U.S.C. 552 (FOIA), notwithstanding applicable disposition schedules.

  3. IRM 1.15.1, Records Management, provides instructions for the management of records in the IRS. Records Management also requires that all records be retained and disposed of in accordance with established Records Control Schedules.

  4. Records created within or for the Disclosure function derive their retention periods from National Archives and Records Administration (NARA) General Records Schedule 14 or approved authorizations from the IRS Records Management Officer or Archivist of the United States.

  5. The GLD Records Control Schedule as revised has been recently approved and published. It contains records control schedules for Disclosure specific records and should be consulted as needed. It can be accessed at: http://mysbse.web.irs.gov/CLD/GLD/Disclosure/Office/Awareness/PPT/6096.aspx

  6. All non-record copies or reference materials may be destroyed when no longer needed.

  7. Disposition instructions must be requested from the Director, Office of GLD, and cleared through the Records Management Officer for any item that is not included in the schedule.

  8. Any item that has historical significance must be scheduled for offer to the National Archives and Records Administration. Disposition instructions will be issued on a case by case basis for records believed to have historical significance after approval of written justification for permanent retention. Forward such written justification to the Director, Office of GLD, who will clear it through the Records Management Officer of the IRS before disposition instructions are issued.

11.3.1.10  (04-04-2008)
Facsimile Transmission of Tax Information

  1. Faxing of tax information to other IRS offices is permitted consistent with existing internal rules. The subsections below provide guidance in determining whether it is appropriate to fax tax information to taxpayers or their authorized representatives within the United States, U.S. possessions, commonwealths, and territories. See IRM 10.8.1, Facsimile and Facsimile Devices, which contains several clarifying examples. A chart highlighting faxing rules can be found at: http://mysbse.web.irs.gov/CLD/GLD/Disclosure/Office/TechnicalResources/IRC+6103/Guidelines/3272.aspx . IRM 10.8.1 includes more detailed information on faxing between IRS offices and should be referenced for questions about that process.

  2. Facsimile transmission of sensitive but unclassified (SBU) material (which includes tax information) to foreign countries is governed by the Department of State. If operational requirements demand that sensitive but unclassified (SBU) information be sent by unclassified fax to overseas locations, the originator must carefully review the document and comply with all requirements contained in IRM 11.3.1.10, Facsimile Transmission of Tax Information. The transmission of SBU information must be restricted to the conduct of official U.S. business. The custodian of the information must ensure that the recipient’s facsimile phone number is correct, that the recipient is authorized to receive the information, and when faxed to a number outside U.S. Government control, that the recipient is present to receive the information.

  3. The legal authority for permitting facsimile transmission of tax information is consistent with that which allows for the telephonic disclosures of tax information and the mailing of tax information. However, since faxing presents more security vulnerabilities, careful consideration of all IRC §6103 requirements is especially important. Information shall only be disclosed in accordance with the IRC.

  4. Faxing of tax or Privacy Act information should only be used in those situations where the authorized recipient has approved use of the faxing method for the information involved.

  5. The facts and circumstances of each case should be considered prior to making a disclosure via facsimile transmission.

  6. Careful consideration should be given to accepting faxed return information in conjunction with examination activity, collection activity, and criminal investigations. Employees must consider and evaluate the need to examine original documents as opposed to faxed copies.

  7. Issues concerning the acceptance of a faxed return, document, signature, etc., as opposed to obtaining the original, must be addressed individually. See the Deputy Commissioner for Services and Enforcement June 24, 2003 memo on "New Policy for Use of Fax and Signature Stamps in Taxpayer Submissions." See IRM 21.3.4, Use of Fax for Taxpayer Submissions. In situations concerning the legality of accepting a fax in lieu of original documents, assistance and guidance of Counsel should be sought.

  8. Each office establishing formal guidelines for faxing should address the potential need for a paper trail, such as maintaining a centralized log. Logs should be maintained based upon local office need; however, all applicable statutory requirements must be met.

  9. Procedures for facsimile transmissions of tax information to taxpayers and their authorized representatives include:

    1. Obtaining the requester's identity and verifying their entitlement to receive the requested information consistent with established program requirements. Information will only be faxed if the taxpayer or authorized representative has approved the use of fax. They should also be informed of the security limitations inherent in the use of the fax. If the fax number for the taxpayer is a fax machine not situated at the location of the taxpayer/representative, see below

    2. Obtain specific information concerning the nature of the inquiry, such as the type of tax involved and the tax period(s) covered

    3. If someone other than the taxpayer is calling, identify the caller and his or her capacity in acting on behalf of the taxpayer

    4. Prior to faxing any tax information to a taxpayer’s representative, a determination must first be made concerning whether that person has a valid disclosure authorization on file with the IRS. A disclosure authorization could be a formal Power of Attorney (POA) on Document 2848, Power of Attorney, or a general written disclosure consent from the taxpayer. Form 8821, Tax Information Authorization (TIA), can be used for this purpose. As appropriate, an oral disclosure authorization (see IRM 11.3.2, Requirements for Verbal or Electronic Requests) may be used to permit faxing to authorized third parties. Disclosure authorizations must meet the requirements of IRC §6103(c) and 26 CFR 301.6103(c)-1, or the Conference and Practice Regulations. The same general rules apply to requests from individuals or attorneys-in-fact with a material interest under IRC §6103(e). Faxing tax information to/through a third party requires a reasonable expectation that the third party will have access to the fax information

      Note:

      As to whether an authorization can be verbal, the answer will depend upon circumstances and whether or not the third party will be assisting the taxpayer in resolving a tax matter or just receiving the fax on behalf of the taxpayer. A verbal authorization should not be accepted from a taxpayer to send tax information to a third party just because the taxpayer will not be present to receive it or just for the convenience of the taxpayer. You cannot accept a verbal authorization to fax and provide tax information to a third party if that third party will not assisting the taxpayer in resolving a tax matter. Sending a transcript of account to a mortgage loan company for the purpose of securing a student loan is an example where written authorization is required. This is because the third party will not be assisting the taxpayer in resolving a tax matter. IRS can, though, accept a verbal authorization from a taxpayer to fax tax information to a third party, if that third party can provide assistance to the taxpayer in resolving a tax matter. If the third party will be able to use the tax information to assist the taxpayer in resolving a collection or an examination issue, then IRS can accept a verbal authorization from the taxpayer to fax this information to the third party. Functional guidance should be followed in documenting that verbal authorization was provided and the scope of that authorization.

    5. If there is not a valid disclosure authorization on file with the IRS, the caller should be requested to first provide this information. At this time, the IRS employee can ask the caller to include a fax number on the authorization. IRS procedures permit the acceptance of a faxed Power of Attorney or Tax Information Authorization form. Entry onto the Centralized Authorization File (CAF) may be appropriate

    6. If there is a current and valid disclosure authorization on file with the IRS, the employee must determine whether the individual calling is the authorized recipient of record and whether the authorization covers the specific tax matter or issue. The CAF or IDRS system may be used by employees when making these determinations

    7. Employees should determine the specific information required to properly respond to the caller’s question. Only pertinent tax information should be faxed

    8. The caller’s fax number and the address where the information will be faxed should be obtained. This may provide another source of verification for address information to assist in verifying the correctness of the disclosure authorization or may help verify the taxpayer’s address of record. Case files should be properly documented to show where the tax information was faxed, who received it, and how receipt of the faxed information was acknowledged. If no history/documentation is kept as part of a particular program, then no notation is possible or needed. If case files are kept, functional management will determine the methodology that most makes sense. There is no intent to create additional files where they are not already a part of a program

      Note:

      The above comments are not intended to require taxpayers or other authorized third parties to stay on the telephone to acknowledge receipt of the fax. A copy of the fax confirmation sheet is sufficient to ensure proper delivery, and satisfies any documentation requirement.

  10. The information in (9) above is not all inclusive. If any doubt exists as to the validity of the caller’s identity, entitlement, and/or intent, information should be mailed to the taxpayer’s address of record.

  11. While faxed information is not sealed and little protection may be guaranteed at the receiving end, certain precautions are to be used to protect confidential tax information. At a minimum, a cover sheet, identifying the person for whom the information is intended and how many pages are being faxed, must be used. This cover sheet should not contain specific confidential information of the taxpayer other than their name and phone number, assuming the fax is directed to the taxpayer. If faxing to an authorized third party, put the name of the third party on the cover sheet, not the taxpayer's name, TIN, or other confidential information. The information should be faxed in an order in which the cover sheet will become the first page covering the faxed tax information.

  12. The following statement is to be used on all cover sheets:

    "This communication is intended for the sole use of the individual to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient or the employee or agent for delivering the communication to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication may be strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone (collect, if necessary), and return the communication to the address above via the United States Postal Service. Thank you."

  13. IRS policy is that we accept collect calls in misdirected fax notifications. This is based on the fact that we must take reasonable steps to correct the error and get the faxed information to the correct party. Also, the number of misdirected fax situations should be few. Any perceived conflict with a general IRS policy of accepting collect calls can be mitigated by using a toll free number for reporting misdirected faxes.

  14. If an IRS employee receiving a phone call notification regarding a misdirected fax decides, after talking with the recipient, that, the caller will properly destroy (e.g., shred) the misdirected information, the IRS employee need not ask the recipient to return the information to the IRS. If the IRS employee is concerned that the unintended recipient may not properly destroy the faxed information, the employee may request that the information be mailed back to the IRS and may take such steps necessary for the Government to cover the costs for such mailing.

    Note:

    The IRS employee may take into consideration such matters as whether the error in transmission was brought to the attention of the IRS by the unintended recipient or whether the unintended recipient has a known relationship with the taxpayer whose information is at issue in the faxed material.

  15. Guidelines for faxing between IRS offices were contained in a July 2000 memo from IRS' Chief Information Officer to all IRS Executives. See IRM 10.8.1,Information Technology (IT) Security Policy and Guidance for the use of non-encrypted fax machines to transmit SBU information (including returns and return information) between IRS offices in the United States is permissible as long as the following physical security and management controls are used:

    1. Having a trusted staff member at both the sending and receiving fax machines, or having a locked room for the fax machine with custodial coverage over outgoing and incoming transmissions

    2. Accurately maintaining broadcast lists and other preset numbers of frequent recipients of SBU data and

    3. Including a cover sheet on fax transmissions that explicitly provides guidance to the recipient. See IRM 11.3.1.6 above, which includes:
      A notification of the sensitivity of the data and the need for protection and
      A notice to unintended recipients to telephone the sender (collect, if necessary) to report the disclosure and confirm destruction of the information.

  16. Fax machines should be secured at the end of the day.

11.3.1.11  (03-07-2008)
Access by the Office of Government Ethics (OGE)

  1. The United States Office of Government Ethics (OGE) has no independent right of access to tax information under IRC §6103. OGE's statutory mandate is not tax administration.

  2. When IRS employees report ethics violations to the OGE, no tax information may be disclosed. OGE's authorizing statute recognizes that OGE will not have access to agency records prohibited by law from disclosure.

11.3.1.12  (03-07-2008)
Relatives of IRS employees and Protecting Confidentiality

  1. Relatives of IRS employees have no right to access or receive confidential information based on their relationship to the IRS employee. Potential criminal and civil penalties under IRC §7213, IRC §7213A, IRC §7431, 5 USC 552, and 18 USC 1905, among others, could apply to such accesses/disclosure.

  2. When IRS employees bring confidential information home, all applicable security rules must be followed (e.g., Flexiplace guidelines).

  3. When IRS employees bring relatives (e.g., children) into their work environment, care must be exercised to ensure that the visitors are not exposed to confidential information verbally, on computer screens or in hard copy. It is immaterial whether the visitors have an interest in the material or understand the technical work-related meaning of the information. During "Take Your Children to Work Day" , children cannot be allowed access to confidential information while parents explain their job or tour the work environment, etc. Even simple tasks such as photocopying could involve inappropriate exposure to confidential information. Exposure to confidential information is not allowed and can have severe consequences.

  4. Relatives must not accompany employees during field compliance activities where the accompaniment itself could reveal who has a tax liability, who is being examined, etc.

11.3.1.13  (05-24-2005)
Security and Disclosure

  1. Security and disclosure are not synonymous. Practicing security awareness reduces the risk of unauthorized or inappropriate access or disclosure. The Disclosure function has no jurisdiction over the rules applicable to physical and computer security, but does work closely with the security functions in the setting and communicating of standards.

  2. Physical security standards fall under the oversight of Agency Wide Shared Services (AWSS) Physical Security and Emergency Preparedness. See IRM 1.16.1, Physical Security Program .

  3. Computer and electronic security, including use of E-mail and the Secure Messaging System, fall under the oversight of Information MITS Cybersecurity Policy and Program Management. See IRM 10.8.1, Information Technology Services (IT) Policy and Guidance.

  4. Modernization & Information Technology Services has final jurisdiction over security policy as it applies to faxing and use of cordless devices. They have concurred with the guidelines on faxing and cordless devices as detailed respectively in subsection 11.3.1.10 above, and IRM 11.3.2, Use of Cell Phones and Cordless Devices .

11.3.1.13.1  (03-07-2008)
Voice Mail Systems

  1. Security rules for IRS's Voice Messaging System (VMS) may be found in IRM 10.8.1, Information Technology Services (IT) Policy and Guidance.

  2. Currently, IRM 10.8.1, sub section .5.4.5, Voice Communications, states that sensitive information may not be transmitted on IRS voice mail systems.

  3. IRM 11.3.2.6.1, Leaving Information on Answering Machines/Voice Mail, provides guidance on the use of answering machines/voice mail during taxpayer contacts.

11.3.1.13.2  (03-07-2008)
Electronic Mail and Secure Messaging

  1. Some general rules for E-mail and Secure Messaging.

    1. Employees may not use E-mail to transmit SBU data unless they use the IRS Secure Messaging (SM) system. SM allows users to encrypt E-mail messages and attachments for transmission between IRS employees. Both the sender and recipient must have SM in order for the E-mail to be protected

    2. SBU information includes taxpayer data, Privacy Act protected information, some law enforcement information, and other information protected by statute or regulation. See IRM 10.8.1 for an exact definition of SBU

    3. SBU data may be transmitted to other employees provided the recipient has a need to know the information and such release is otherwise consistent with statutory requirements. Note that subject lines are not encrypted and they should not contain SBU information

    4. SBU data may not be sent to parties outside of IRS, including other government agencies, taxpayers, or their representatives. Employees can receive E-mail containing SBU data from taxpayers or their representatives. Employees cannot send E-mails containing SBU data out side the IRS network, even if specifically authorized by the taxpayer. Exceptions must have the approval of Modernization & Information Technology Services Office of Cybersecurity Policy and Program Management. See IRM 10.8.1

    5. Sensitive law enforcement information must not be transmitted by E-mail, even when encrypted. This includes information related to informants or undercover activities

11.3.1.14  (03-07-2008)
Records Management

  1. Records management is the planning, controlling, directing, organizing, training, promoting, and other related activities related to the creation, maintenance, use, and disposition of records for proper documentation of an agency's policies and transactions. Records management in IRS comes under the jurisdiction of the IRS Records and Information Management Services (RIMS) Program, part of Agency-wide Shared Services (AWSS).

  2. A Federal record is any recorded information relating to work of an office regardless of the medium, who created the record, or how it was created. Most records are paper documents, but increasingly records are becoming electronically generated and maintained (e.g., Word, Excel, and E-mail documents). Other types of records include photographs, maps, microfilm and fiche, video and sound recordings, and computer tapes or diskettes and CDs.

  3. The Federal Records Act of 1950, as amended, governs the creation and preservation of government files. Other statutes and policies also apply. IRS works closely with the National Archives and Records Administration to ensure compliance with records management requirements.

  4. IRM 1.15.1, The Records Management Program, IRM 1.15.2, Types of Records and their Life Cycle, IRM 1.15.3, Disposing of Records, and IRM 1.15.7, Files Management, should be consulted for guidance on the records management program. The Records Management website is: http://awss.web.irs.gov/facilities/RecordsMgmt/REFM-Index.htm.

11.3.1.15  (03-07-2008)
Security Inspections

  1. In today's climate, security checks are everywhere - IRS offices, airports, and at other buildings IRS employes must access during the performance of official duties.

  2. Certain precautions are needed to mitigate the risk of disclosures that might occur when employees are subject to a security check and their briefcase or suitcase contains tax information or other sensitive data.

11.3.1.15.1  (03-07-2008)
Transporting Documents

  1. When carrying sensitive documents, even within IRS buildings, certain steps should be taken to limit the risk of disclosure.

  2. Inadvertent disclosure of confidential data can be avoided by taking a few simple precautions. Employees will:

    1. Carry sensitive information only when necessary

    2. Protect sensitive information by:
      Covering it with a blank piece of paper.
      Placing it in an envelope large enough to cover any tabs or other identifying information and labeling the envelope confidential.

11.3.1.15.2  (03-07-2008)
Planning and Consequences

  1. Proper planning, along with consideration of proper security measures should allow employees to perform their normal duties with minimal disclosure concerns. When a concern arises, Disclosure personnel will help to analyze the issue, alleviate the concern, and advise the employee on the best course of action to take.

  2. An unauthorized disclosure is considered willful only when it is made voluntarily and intentionally, with full knowledge that it is wrong. Any inadvertent disclosure that might occur when clearing security should not meet the criteria of a willful disclosure when the employee has exercised care.

11.3.1.16  (03-07-2008)
Redacting Transcripts

  1. Whenever providing tax information to taxpayers or their representatives, it is important to ensure that only authorized information is disclosed.

  2. Often, tax transcripts (including computer printouts) must be sanitized by redacting information that:

    • Belongs to a different taxpayer

    • Includes a type of tax or a period not covered by a disclosure authorization

    • Is prohibited by statute from being disclosed (e.g. DIF or SERFE score)

    • If released will impair Federal tax administration


    Any such redactions must be authorized by a functional employee having authorization to do so. See Delegation Order 11-2 or established functional guidelines on transcript redacting

  3. Functional IRMs and various sections of IRM 11.3 provide guidance about redacting standards.

  4. While some transcripts are specifically designed for taxpayer use (e.g., RTFTP, MFTRAX, IRPTRW without the summary sheet), others are not and require much more scrutiny and deliberation before release to a taxpayer is made.

  5. Freedom of Information Act redaction guidelines must be followed when applicable. See IRM 11.3.13, Freedom of Information Act.

  6. Disclosure personnel can be consulted with questions regarding redactions.

11.3.1.17  (03-07-2008)
Office of Special Counsel

  1. The Office of Special Counsel (OSC) is an independent Federal investigative agency whose primary mission is to safeguard the merit system by protecting Federal employees and applicants from prohibited personnel practices, such as reprisal for whistle-blowing. Occasionally in the context of an OSC investigation, or the use of tax information in a court proceeding, a question arises as to whether tax information may be accessed by OSC.

    Example:

    An IRS employee alleges that his/her manager retaliated against him/her for making a complaint that the audit selection process in a particular location was racially discriminatory, and OSC opens an investigation. During the investigation, OSC determines that it needs tax information from the employee's case to complete the investigation.

  2. The OSC investigation is a "proceeding affecting the personnel rights" of the employee. Tax information may be disclosed to the OSC investigator under IRC §6103(l)(4)(B) if the IRS determines that the disclosure is necessary to advance or protect the interests of the United States. Generally, OSC should be asked to make a written request explaining the reasons why tax information is needed. Data should be stripped of identifiers unless inclusion of identifying information is necessary to advance or protect the interests of the United States. If the investigation's focus turns to the actions of a specific manager, then the OSC investigation is also a "proceeding affecting the personnel rights" of the manager. At that point, the manager (or his private attorney) may make an IRC §6103(l)(4)(A) request for relevant and material tax information. Disclosures must be approved by officials having Delegation Order 11-2 authority. See IRM 11.3.20, Personnel Records, for more information on IRC §6103(l)(4).

  3. The Privacy Act may be involved if OSC requests nontax information, such as personnel records, from the IRS. Personnel records may be turned over to OSC pursuant to the "routine use" authority of Treasury/IRS System of Records 36.003, General Personnel and Payroll Records .

Exhibit 11.3.1-1  (05-24-2005)
Notice 129

Disclosure Limitations
Unauthorized inspection or disclosure, printing, or publishing of any Federal return or return information, or any information therefrom, may be punishable by fine or imprisonment and in the case of Federal officers or employees, dismissal from office or employment. See IRC §7213 and IRC §7213A and 18 U.S.C. section 1905. In addition, IRC §7431 provides for civil damages for unauthorized disclosure of such information.
Disposition Instructions
Copies of Tax Returns, Related Documents, Abstracts, and Transcripts:
1. Copies provided, together with any additional copies made by the requester, must be returned to the furnishing IRS office unless specific arrangements have been made for their retention in accordance with IRC §6103(p)(4).
2. Retained copies, other than those that are made part of an official hearing or trial record, must be destroyed after they have served their purpose by shredding, burning, or other process that will render the copies unintelligible.
Magnetic Tapes
Tapes should be degaussed after they have served their purpose.
Department of the Treasury
Internal Revenue Service		 Notice 129 (Rev. 12-97)
Catalog Number 45546L

Exhibit 11.3.1-2  (05-24-2005)
Notice 129A

Disclosure Limitations
Unauthorized inspection or disclosure, printing, or publishing of any Federal return or return information, or any information therefrom, may be punishable by fine or imprisonment and in the case of Federal officers or employees, dismissal from office or employment. See IRC §7213 and IRC §7213A and 18 U.S.C. section 1905. In addition, IRC §7431 provides for civil damages for unauthorized inspection or disclosure of such information. Tapes should be degaussed after they have served their purpose, disposed of in accordance with Publication 1075 disposition guidelines, or returned to the IRS.
Department of the Treasury
Internal Revenue Service		 Notice 129A (Rev. 12-97)
Cat. No. 45547W

More Internal Revenue Manual