IRS Logo
Print - Click this link to Print this page

Reporting Improper Inspections or Disclosures

Upon discovering a possible improper inspection or disclosure of FTI, including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information should contact the office of the appropriate Special Agent-in-Charge, Treasury Inspector General for Tax Administration (TIGTA) and the IRS (section 10.2).

TIGTA Field Division Information
TIGTA Field Division States Served by Field Division Telephone Number

Atlanta

Commonwealth of Puerto Rico, Virgin Islands, Alabama, Florida, Georgia, North Carolina, South Carolina, Tennessee

(404) 338-7449

Chicago

Illinois, Indiana, Iowa, Kentucky, Michigan, Minnesota, Ohio, North Dakota, South Dakota, Wisconsin

(312) 886-0620 X 104

Dallas

Kansas, Louisiana, Missouri, Nebraska, Oklahoma, Texas

(972) 308-1400

Denver

Alaska, Arizona, Colorado, Idaho, Montana, New Mexico, Nevada, Oregon, Utah, Washington, Wyoming

(303) 291-6102

New York

Connecticut, Maine, Massachusetts, New Hampshire, New York, Rhode Island, Vermont

(917) 408-5641

San Francisco

California, Hawaii

(510) 637-2558

Washington

Delaware, Maryland, New Jersey, Pennsylvania, Virginia, Washington DC, West Virginia

(202) 283-3001

Internal Affairs Division

Guam, American Samoa, Commonwealth of Northern Mariana Islands, Trust Territory of the Pacific Islands

(202) 927-7197

Mailing Address:

Treasury Inspector General for Tax Administration
Ben Franklin Station
P.O. Box 589
Washington, DC 20044-0589

Hotline Number: 1-800-589-3718
Web Site: U.S. Treasury Inspector General for Tax Administration (TIGTA)

Office of Safeguards Notification Process

Simultaneously to notifying TIGTA, the agency must notify the IRS Office of Safeguards. The TIGTA contact information is shown in section 10.1.

To notify the IRS Office of Safeguards, the agency should document the specifics of the incident known at that time into a Data Incident Report, including but not limited to:

  • Name of agency and agency point of contact for resolving data incident with their contact information
  • Date and time of the incident
  • Date and time the incident was discovered
  • How the incident was discovered
  • Description of the incident and the data involved. Include specific data elements if known.
  • Potential number of FTI records involved. If unknown, provide a range if possible.
  • Address where the incident occurred
  • Information technology involved (example: laptop, server, mainframe)
  • Do not include any FTI in the Data Incident report.
  • Email the Data Incident Report to the SafeguardReports@IRS.gov mailbox. Reports should be sent electronically and encrypted via IRS approved encryption techniques. Use the term "Data Incident Report" in the subject line of the email.

Note: Timely notification is the most important factor, not the completeness of the Data Incident Report. Additional information will be secured via conversations with the Office of Safeguards.

The focus of the Office of Safeguards’ investigation of the unauthorized access or data breach incident will be to identify processes, procedures, or systems within the agency with inadequate security controls.

Incident Response Procedures

Incident response policies and procedures required in section 9.9 should be used when responding to an identified unauthorized disclosure or data breach incident. Once the incident has been addressed, the agency will conduct a post-incident review to ensure the incident response policies and procedures provided adequate guidance. Any identified deficiencies in the incident response policies and procedures should be resolved immediately. Additional training on any changes to the incident response policies and procedures should be provided to all employees, including contractors and consolidated data center employees, immediately.

Incident Response Timeframes

The agency will contact TIGTA and the IRS immediately, but no later than 24-hours after identification of a possible issue involving FTI. The agency should not wait to conduct an internal investigation to determine if FTI was involved. If FTI may have been involved, the agency must contact TIGTA and the IRS immediately.

Incident Response Cooperation

The agency will cooperate with TIGTA and Office of Safeguards investigators, providing data and access as needed to determine the facts and circumstances of the incident. Based upon the analysis of the incident, the agency may be required by the Office of Safeguards to modify security policy, procedure, or controls to more appropriately protect FTI in the possession of the agency. The Office of Safeguards will coordinate with the agency to ensure appropriate follow-up actions taken by the agency have been completed to ensure continued protection of FTI in the possession of the agency.

Incident Response Notification to Impacted Individuals

Notification to impacted individuals regarding an unauthorized disclosure or data breach incident is based upon the agency’s internal policy since the FTI is within the agency’s possession or control. However, the agency must inform the IRS Office of Safeguards of notification activities undertaken, preferably before released to the impacted individuals. In addition, the agency must inform the Office of Safeguards of any pending media releases, including sharing the text, prior to distribution.

References/Related Topics

Page Last Reviewed or Updated: 06-Dec-2013