11.3.1  Introduction to Disclosure  (04-04-2008)

  1. Each of us in the Internal Revenue Service (IRS), is affected in the performance of our duties by laws governing the confidentiality of records and information we work with. Under these laws, we determine what information is confidential, who may have access to it and for what purposes, and how we must account for any release of confidential information. Using these laws, we also determine what information must be made public and, if so, whether the information must be published, made generally available, or made available only upon request. Additionally, these laws restrict the types of personal information we may gather and maintain about individuals, and grant certain individuals the rights to inspect and amend records about themselves.

  2. These laws are collectively referred to as disclosure laws. They are principally composed of certain sections of the Internal Revenue Code (IRC), (especially IRC §§ 6103, 6104, 6105, 6110, 7213, 7213A, and 7431). It also includes the Freedom of Information Act (5 United States Code (U.S.C.) § 552) and the Privacy Act (5 U.S.C. § 552a). Disclosure laws balance the competing interests of protecting the public's personal and financial privacy while maintaining open and effective administration of government.

  3. This Internal Revenue Manual (IRM) provides the instructions, guidelines, and procedures necessary to fulfill our obligations under the disclosure laws.  (03-07-2008)
Disclosure Research Tools

  1. There are various web-based products available for both Disclosure personnel and IRS employees that are useful in either responding to disclosure technical inquiries and in understanding your disclosure requirements.

  2. The tools available for Disclosure personnel can be found on the Disclosure Share Point site These resources include:

    1. The Disclosure Dispatch – a repository of technical and procedural information primarily for Disclosure casework processing or in responding to disclosure related technical inquires.

    2. The Issue Identification and Resolution System – a process whereby Disclosure and other Governmental Liaison and Disclosure (GLD) personnel can elevate issues related to IRM changes, or identify unique technical issues where no current policy exists. Once guidance is formulated, it is issued through either the Internal Management Document process (e.g., Interim Guidance Memos) or an all employee notification.

  3. The tools available to assist other IRS employees in understanding and applying their disclosure responsibilities can also be found on the Disclosure Reference web page at the following link: http://mysbse.web.irs.gov/CLD/GLD/Disclosure/Reference/default.aspx. Here are some examples of what is available:

    1. Hot Topics, Quick Guides, and Disclosure on Demand Videos - address the issues of greatest interest to all IRS employees. They are reviewed and updated regularly.

    2. Disclosure Resources by Function - provides links to the resources listed above organized by the type of work employees perform.

    3. Reporting Inadvertent Disclosures – what to do in the event of an inadvertent disclosure of tax or Privacy Act information.  (03-29-2011)
Disclosure Help Desk for IRS Employees

  1. Since October of 2008, Disclosure personnel have operated an internal toll-free site to assist IRS employees in understanding their disclosure responsibilities and in answering their disclosure related questions.

  2. Disclosure related questions should be referred to the Disclosure Help Desk at 1-866-591-0860. The hours of operation are generally 8:00 a.m. to 5:00 p.m. Central time.

  3. The Help Desk is for IRS EMPLOYEES ONLY. IRS employees should direct external callers to their nearest Disclosure office for assistance.

  4. If a Disclosure employee receives a call from the outside and the caller is abusive, it should be noted that we should not be subjected to this type of behavior. Take the following steps when dealing with an abusive caller:

    1. Remain calm and listen effectively and courteously.

    2. Explain that this phone line is intended for IRS employees and, if not a disclosure question, offer to refer the caller to the proper function.

    3. Respond to any disclosure related questions from the caller.

    4. If the abusive language persists, advise the caller that you will end the call if the abuse continues.

    5. If you need to terminate the call, be sure to advise the caller that you are doing so prior to hanging up.

    6. Advise your manager of the circumstances of the call and note this in your call log.

  5. If you receive a threat during the call, obtain as much information as possible such as the following:

    • the caller’s name

    • Tax Identification Number (TIN)

    • time of the call and

    • any statements made by the caller

    Then, report the contact to TIGTA.  (03-07-2008)
Requests for Advice or Legal Opinions on Disclosure Matters

  1. The Office of Governmental Liaison and Disclosure (GLD) is responsible for the IRS disclosure program. To meet this responsibility, GLD personnel must be kept informed of the problems and questions that the various IRS functions encounter. Accordingly, requests for advice or legal opinions are to be addressed to the Office of GLD.

  2. GLD personnel will often respond to such inquiries directly since many of the questions raised are either procedural in nature or involve legal issues that have already been addressed by the Office of Associate Chief Counsel (Procedure and Administration). Disclosure personnel needing assistance on technical disclosure matters should seek assistance, through appropriate channels, from the staff of the Chief, Disclosure.

  3. Staff of the Office of GLD and Chief, Disclosure will refer issues that require legal advice to the Office of Associate Chief Counsel (Procedure and Administration) using agreed upon procedures and will provide guidance to the requester after receiving advice from Counsel.  (03-29-2011)
Safeguarding and Disposing of Tax Returns, Return Information, and Other Confidential Records

  1. In its administration of Federal tax laws, the IRS receives, collects, and maintains vast amounts of information protected by law. The IRC prohibits unauthorized disclosure of tax returns and return information. The U.S.C. at Title 18, Section 1905 (18 U.S.C. § 1905), prohibits unauthorized disclosure of certain types of confidential financial and commercial information. The Privacy Act, 5 U.S.C. § 552a, prohibits unauthorized disclosures of information from systems of records pertaining to individuals. Each of these statutes provides criminal and civil sanctions for unauthorized disclosure of protected information.

  2. All IRS officials and employees must be aware of information that must be protected, how to protect it, and how to dispose of, or destroy, the information when it is no longer required. Proper destruction of protected records is an important step in the prevention of unauthorized disclosures that could occur when protected records are merely discarded.

  3. IRM 1.15.2, Types of Records and their Life Cycle, and IRM 10.2.1, Physical Security Program - Physical Security, provide specific guidelines and procedures for safeguarding and disposing of protected records.  (03-07-2008)
Unauthorized Access and Disclosures of Returns or Return Information

  1. An unauthorized access or disclosure is willful when it is done voluntarily and intentionally with full knowledge that it is wrong.  (03-07-2008)
Criminal Penalties Under IRC § 7213

  1. IRC § 7213 makes the willful unauthorized disclosure of a return or return information a felony punishable by a fine of up to $5,000, or imprisonment of not more than 5 years, or both, together with the costs of prosecution.

  2. Upon conviction, officers or employees of the United States will also be dismissed from office or discharged from employment.


    IRC § 7213 also covers willful disclosures of software source code data protected by IRC § 7612.  (05-24-2005)
Criminal Penalties Under IRC § 7213A

  1. IRC § 7213A makes unauthorized access to returns or return information a misdemeanor punishable by a fine of up to $1,000, or imprisonment of not more than one year, or both, together with the costs of prosecution.

  2. Upon conviction, officers or employees of the United States will also be dismissed from office or discharged from employment.  (03-29-2011)
Criminal Penalties Under IRC § 7217

  1. IRC § 7217 prohibits Executive Branch influence over taxpayer audits and other investigations.

  2. IRC § 7217 applies to:

    1. the President,

    2. any employee of the Executive Office of the President,

    3. the Vice President,

    4. any employee of the Executive Office of the Vice President, and

    5. any person (other than the Attorney General of the United States) serving in a position specified in 5 U.S.C. § 5312 (generally, cabinet positions).

  3. It is unlawful for any person described in (2) above to directly or indirectly request any officer or employee of the IRS to conduct or terminate any audit or other investigation of any particular taxpayer with respect to the tax liability of such taxpayer.


    Requests for information accompanied with a consent pursuant to IRC § 6103(c), by the Secretary of Treasury as a result of a change in tax policy, or by an applicable person (see (2) above), if such a request is in accordance with the requirements of IRC § 6103, do not fall under IRC § 7217.

  4. Willful violation of IRC § 7217 is punishable, upon conviction, by a fine in any amount not exceeding $5,000, or imprisonment of not more than 5 years, or both, together with the costs of prosecution.

  5. IRC § 7217 requires that any officer or employee of the IRS receiving any request prohibited by IRC § 7217 shall report the receipt of such request to the Treasury Inspector General for Tax Administration (TIGTA). Failure to do so is a felony subject to the sanctions in (4) above.  (05-24-2005)
Civil Liability Under IRC § 7431

  1. In addition to the criminal penalties imposed by IRC §§ 7213 and 7213A, Congress established a civil remedy for any taxpayer whose return or return information is unlawfully inspected or disclosed.

  2. IRC § 7431 provides that where a Federal officer or employee knowingly or negligently inspects or discloses a taxpayer's return or return information in violation of IRC § 6103, the taxpayer may bring a civil action for damages against the United States.

  3. Non-Federal employees may be sued personally for damages under IRC § 7431, if they violate IRC § 6103.

  4. No liability shall arise under IRC § 7431 where the disclosure was the result of a good faith, but erroneous, interpretation of IRC § 6103, or was requested by the taxpayer.  (03-29-2011)
Reporting Unauthorized Accesses or Disclosures

  1. For a discussion of the rules concerning unauthorized accesses or disclosures of confidential tax information, see IRM, Reporting Unauthorized Accesses or Disclosures.

  2. Indications of willful (voluntarily and intentional with full knowledge of wrongdoing) unauthorized accesses or disclosures of returns or return information must be reported to TIGTA. Field employees should report these matters to the local TIGTA office. Washington, D.C., metro area employees should report these matters to TIGTA's main office.

  3. Unauthorized disclosures where no willfulness is involved are not willful and are therefore excepted from the above TIGTA reporting procedures. Employees must follow the procedures in IRM, Privacy, Information Protection and Data Security; IRS Employee Role, to report violations of this nature.


    Mail sent to an address of record but opened by a third party is not an unauthorized disclosure. Disclosures resulting from machine malfunctions, such as mail stuffing errors, are not required to be reported. Nonetheless, these disclosures should be brought to the attention of the reporting employee’s immediate supervisor who should take appropriate action to address the issue. Reports of loss or theft of government property including laptop computers are to be reported in accordance with the guidance issued by Modernization and Information Technology Services found at: http://www.csirc.web.irs.gov/about/contact.html. They are not to be reported to Disclosure.

  4. Generally, employees commit inadvertent disclosure errors once (e.g., because of a misunderstanding of rules or procedures), and no further corrective action is necessary once the employee and the manager discuss the matter. Occasionally errors are repeated by the same employee or are serious enough even in one incident to warrant corrective action. When a manager thinks additional corrective action is necessary, he or she should consult the Labor Relations staff to determine if conduct or performance action is appropriate. Again, if the manager believes an unauthorized disclosure is willful or deliberate, he or she should report it to TIGTA.  (04-04-2008)
Notice to Recipients of Returns or Return Information

  1. Generally, persons or agencies to whom IRS directly discloses returns or return information pursuant to IRC § 6103 will be informed in writing of the applicable criminal and civil sanctions for unauthorized inspections or disclosures as provided by IRC §§ 7213, 7213A, and 7431. This may be accomplished by the use of Notice 129 (See Exhibit 11.3.1-1). If the use of Notice 129 is not practical, insert text equivalent to Notice 129 in the response or transmittal letter to the requester.

  2. Notice 129 (as revised) should be affixed to each magnetic media provided. (See Exhibit 11.3.1-2). With the migration to a secure electronic transmittal of this information, Notice 129A cannot currently be embedded in the electronic control file. Agencies receiving these transmittals have been previously notified of the content of the Notice 129A and are subject to on-going safeguard reviews that verify the agency's compliance with the disclosure laws and statutes discussed in the Notice.

  3. Notices are not necessary for disclosures under IRC § 6103(h)(1),IRC § 6103(h)(6), IRC § 6103(k)(6), or to Congressional committees.

  4. Some recipients of returns or return information who are covered by IRC § 6103(a) do not receive the information directly from the IRS. Instead they receive the information from other Federal agencies that have the authority to make a re-disclosure (e.g., IRC § 6103(I)(6) or IRC § 6103(I)(10) disclosures to state or local child support enforcement agencies that receive information through the Health and Human Services Office of Child Support Enforcement, or IRC § 6103(I)(12) disclosures to employees and officers of qualified employers or groups health plans from the Centers for Medicare & Medicaid Services). The IRS will not be able to provide notices to these recipients. Instead, the IRS in its initial dealings with the recipient agency and in its written agreements, includes cautions for dissemination of confidential tax information.  (05-24-2005)
Authority to Make Disclosures

  1. The latest revision of Delegation Order 11-2, Authority to Permit Disclosure of Tax Information and to Permit Testimony or the Production of Documents, should be used to determine proper delegated authority. Additionally, local or function specific re-delegations of 11-2 authority should be consulted.

  2. Delegation of authority to respond to Freedom of Information Act and Privacy Act requests is issued by the Director, Office of GLD.  (03-07-2008)
Records Disposition For Disclosure

  1. Records and files, created or maintained in the administration and execution of the disclosure program, must be disposed of in accordance with applicable legal and administrative requirements. See IRM for information about IRS-wide records management issues.

  2. Records or files must never be destroyed while they are the subject of a pending request, appeal, or lawsuit under 5 U.S.C. § 552 (FOIA), notwithstanding applicable disposition schedules.

  3. IRM 1.15.1, Records Management, provides instructions for the management of records in the IRS. Records Management also requires that all records be retained and disposed of in accordance with established Records Control Schedules.

  4. Records created within, or for, the Disclosure function derive their retention periods from National Archives and Records Administration General Records Schedule 14 or approved authorizations from the IRS Records Management Officer or Archivist of the United States.

  5. The GLD Records Control Schedule contains records control schedules for Disclosure specific records and should be consulted as needed.

  6. All non-record copies or reference materials may be destroyed when no longer needed.

  7. Disposition instructions must be requested from the Director, Office of GLD, and cleared through the Records Management Officer for any item that is not included in the schedule.

  8. Any item that has historical significance must be scheduled for offer to the National Archives and Records Administration. Disposition instructions will be issued on a case by case basis for records believed to have historical significance after approval of written justification for permanent retention. Forward such written justification to the Director, Office of GLD, who will clear it through the Records Management Officer of the IRS before disposition instructions are issued.  (03-29-2011)
Facsimile Transmission of Tax Information

  1. Faxing of tax information to other IRS offices is permitted consistent with existing internal rules. The subsections below provide guidance in determining whether it is appropriate to fax tax information to taxpayers or their authorized representatives within the United States, U.S. possessions, commonwealths, and territories. See IRM, Information Technology (IT) Security Policy and Guidance, Facsimile and Facsimile Devices, which sets forth overall policy and contains several clarifying examples. IRM also includes more detailed information about faxing between IRS offices and should be referenced for questions about that process.

  2. Facsimile transmission of sensitive but unclassified (SBU) material (that includes tax information) to foreign countries is governed by the Department of State. If operational requirements demand that sensitive but unclassified (SBU) information be sent by unclassified fax to overseas locations, the originator must carefully review the document and comply with all requirements contained in IRM, Facsimile Transmission of Tax Information. The transmission of SBU information must be restricted to the conduct of official U.S. business. The custodian of the information must ensure that the recipient’s facsimile phone number is correct, that the recipient is authorized to receive the information, and when faxed to a number outside U.S. Government control, that the recipient is present to receive the information.

  3. The legal authority for permitting facsimile transmission of tax information is consistent with that which allows for the telephonic disclosures of tax information and the mailing of tax information. However, since faxing presents more security vulnerabilities, careful consideration of all IRC § 6103 requirements is especially important. Information shall be disclosed only in accordance with the IRC.

  4. Faxing of tax or Privacy Act information should be used only in those situations where the authorized recipient has approved use of the faxing method for the information involved.

  5. The facts and circumstances of each case should be considered prior to making a disclosure via facsimile transmission.

  6. Careful consideration should be given to accepting faxed return information in conjunction with examination activity, collection activity, and criminal investigations. Employees must consider and evaluate the need to examine original documents as opposed to faxed copies.

  7. Issues concerning the acceptance of a faxed return, document, signature, etc., as opposed to obtaining the original, must be addressed individually. See the Deputy Commissioner for Services and Enforcement June 24, 2003 memo on "New Policy for Use of Fax and Signature Stamps in Taxpayer Submissions." See IRM, Use of Fax for Taxpayer Submissions. In situations concerning the legality of accepting a fax in lieu of original documents, assistance and guidance of Counsel should be sought.

  8. Each office establishing formal guidelines for faxing should address the potential need for a paper trail, such as a centralized log. Logs should be maintained based upon local office need; however, all applicable statutory requirements must be met.

  9. Procedures for facsimile transmissions of tax information to taxpayers and their authorized representatives include:

    1. Obtaining the requester's identity and verifying the requester's entitlement to receive the requested information consistent with established program requirements. Information will be faxed only if the taxpayer or authorized representative has approved the use of fax. Requesters should also be informed of the security limitations inherent in the use of the fax. If the fax number for the taxpayer is a fax machine not situated at the location of the taxpayer/representative, see below.

    2. Obtain specific information concerning the nature of the inquiry, such as the type of tax involved and the tax period(s) covered.

    3. If someone other than the taxpayer calls, identify the caller and his or her capacity in acting on behalf of the taxpayer.

    4. Prior to faxing any tax information to a taxpayer’s representative, first determine whether that person has a valid disclosure authorization on file with the IRS. A disclosure authorization could be a formal Power of Attorney (POA) on Document 2848, Power of Attorney, or a general written disclosure consent from the taxpayer. Form 8821, Tax Information Authorization (TIA), can be used for this purpose. When appropriate, an oral disclosure authorization (see IRM, Requirements for Verbal or Electronic Requests) may be used to permit faxing to authorized third parties. Disclosure authorizations must meet the requirements of IRC § 6103(c) and 26 Code of Federal Regulations (CFR) § 301.6103(c)-1, or the Conference and Practice Regulations. The same general rules apply to requests from individuals or attorneys-in-fact with a material interest under IRC § 6103(e). Faxing tax information to/through a third party requires a reasonable expectation that the third party will have access to the faxed information.


      In response to whether an authorization can be verbal, the answer will depend upon circumstances and whether or not the third party will be assisting the taxpayer in resolving a tax matter or just receiving the fax on behalf of the taxpayer. A verbal authorization should not be accepted from a taxpayer to send tax information to a third party simply because the taxpayer will not be present to receive it or just for the convenience of the taxpayer. You cannot accept a verbal authorization to fax and provide tax information to a third party if that third party is not assisting the taxpayer in resolving a tax matter. Sending a transcript of account to a mortgage loan company for the purpose of securing a student loan is an example where written authorization is required. This is because the third party will not be assisting the taxpayer in resolving a tax matter. IRS may accept a verbal authorization from a taxpayer to fax tax information to a third party, if that third party can help the taxpayer resolve a tax matter. If the third party will be able to use the tax information to assist the taxpayer in resolving a collection or an examination issue, IRS can accept a verbal authorization from the taxpayer to fax this information to the third party. Functional guidance should be followed in documenting verbal authorization and the scope of that authorization.


      Faxes sent via e-fax involve access to tax information by third-party service providers who act as conduits for the data before it is made available to the requesting taxpayer. Because they are third-parties and are not assisting in the resolution of a tax matter, a valid written consent from the taxpayer designating the e-fax service provider as a recipient of tax information is required. If the taxpayer is unwilling to submit a written consent, the information cannot be sent via e-fax.

    5. If there is not a valid disclosure authorization on file with the IRS, the caller should be requested to first provide this information. At this time, the IRS employee can ask the caller to include a fax number on the authorization. IRS procedures permit the acceptance of a faxed Power of Attorney or Tax Information Authorization form. Entry onto the Centralized Authorization File (CAF) may be appropriate.

    6. If there is a current and valid disclosure authorization on file with the IRS, the employee must determine whether the individual calling is the authorized recipient of record and whether the authorization covers the specific tax matter or issue. The CAF or the Integrated Data Retrieval System (IDRS) may be used by employees when making these determinations.

    7. Employees should determine the specific information required to properly respond to the caller’s question. Only pertinent tax information should be faxed.

    8. The caller’s fax number and the address where the information will be faxed should be obtained. This may provide another source for address information to assist in verifying the correctness of the disclosure authorization or may help to verify the taxpayer’s address of record. Case files should be properly documented to show where the tax information was faxed, who received it, and how receipt was acknowledged. If no history/documentation is kept as part of a particular program, then no notation is possible or needed. If case files are kept, functional management will determine the methodology that most makes sense. There is no intent to create additional files where they are not already a part of a program.


      The above procedures do not require taxpayers or other authorized third parties to stay on the telephone to acknowledge receipt of the fax. A copy of the fax confirmation sheet is sufficient and satisfies any documentation requirement.

  10. The information in (9) above is not all inclusive. If any doubt exists as to the validity of the caller’s identity, entitlement, or intent, information should be mailed to the taxpayer’s address of record.

  11. While faxed information is not sealed and little protection may be guaranteed at the receiving end, certain precautions are to be used to protect confidential tax information. At a minimum, a cover sheet, identifying the intended recipient of the information and the number of pages being faxed, must be used. This cover sheet should not contain specific confidential information of the taxpayer other than name and phone number, assuming the fax is directed to the taxpayer. If faxing to an authorized third party, put the name of the third party on the cover sheet, not the taxpayer's name, TIN, or other confidential information. The information should be faxed in an order where the cover sheet will become the first page covering the faxed tax information.

  12. Use the following statement on all cover sheets:

    "This communication is intended for the sole use of the individual to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient or the employee or agent for delivering the communication to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication may be strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone (collect, if necessary) and return the communication to the address above via the United States Postal Service. Thank you."

  13. IRS policy is that we accept collect calls in misdirected fax notifications. This is based on the fact that we must take reasonable steps to correct the error and get the faxed information to the correct party. Also, the number of misdirected fax situations should be few. Any perceived conflict with a general IRS policy about accepting collect calls can be mitigated by using a toll free number to report misdirected faxes.

  14. If an IRS employee receives a phone call notification regarding a misdirected fax and determines, after talking to the recipient, that the caller will properly destroy (e.g., shred) the misdirected information, the employee does not need to ask the recipient to return the information to the IRS. If the IRS employee is concerned that the unintended recipient may not properly destroy the faxed information, the employee may request that the information be mailed back to the IRS and take necessary steps for the Government to cover the costs of mailing.


    The IRS employee may take into consideration such matters as whether the unintended recipient brought the error in transmission to the attention of the IRS or whether the unintended recipient has a known relationship with the taxpayer whose information is in the faxed material.

  15. Guidelines for faxing between IRS offices were contained in a July 2000 memo from IRS' Chief Information Officer to all IRS Executives. For the use of non-encrypted fax machines to transmit SBU information (including returns and return information) between IRS offices in the United States, see IRM, Information Technology (IT) Security Policy and Guidance, Facsimile and Facsimile Devices. This is permissible as long as the following physical security and management controls are used:

    1. Having a trusted staff member at both the sending and receiving fax machines, or having a locked room for the fax machine with custodial coverage over outgoing and incoming transmissions,

    2. Accurately maintaining broadcast lists and other preset numbers of frequent recipients of SBU data, and

    3. Including a cover sheet on fax transmissions that explicitly provides guidance to the recipient.

  16. Fax machines should be secured at the end of the day.  (03-07-2008)
Access by the Office of Government Ethics (OGE)

  1. The United States Office of Government Ethics (OGE) has no independent right of access to tax information under IRC § 6103. OGE's statutory mandate is not tax administration.

  2. When IRS employees report ethics violations to the OGE, no tax information may be disclosed. OGE's authorizing statute recognizes that OGE will not have access to agency records prohibited from disclosure by law.  (03-07-2008)
Relatives of IRS employees and Protecting Confidentiality

  1. Relatives of IRS employees have no right to access or receive confidential information based on their relationship to the IRS employee. Potential criminal and civil penalties under IRC §§ 7213, 7213A, 7431, 5 U.S.C. § 552, and 18 U.S.C. § 1905, among others, could apply to such accesses/disclosure.

  2. When IRS employees bring confidential information home, all applicable security rules must be followed (e.g., Flexiplace guidelines).

  3. When IRS employees bring relatives (e.g., children) into their work environment, care must be exercised to ensure that the visitors are not exposed to confidential information verbally, on computer screens or in hard copy. It does not matter whether the visitors have an interest in the material or understand the technical work-related meaning of the information. During "Take Your Children to Work Day," children cannot have access to confidential information while parents explain their job or tour the work environment, etc. Even simple tasks such as photocopying could involve inappropriate access to confidential information. Exposure to confidential information is not allowed and can have severe consequences.

  4. Relatives must not accompany employees during field compliance activities where the accompaniment itself could reveal who has a tax liability, who is being examined, etc.  (03-29-2011)
Security and Disclosure

  1. Security and disclosure are not synonymous. Practicing security awareness reduces the risk of unauthorized or inappropriate access or disclosure. The Disclosure function has no jurisdiction over the rules applicable to physical and computer security, but does work closely with the security functions in the setting and communicating of standards.

  2. Physical security standards fall under the oversight of Agency Wide Shared Services (AWSS) Physical Security and Emergency Preparedness. See IRM 10.2.1, Physical Security Program - Physical Security.

  3. Computer and electronic security, including use of E-mail and (defined as any mechanism to encrypt SBU data for e-mail) Secure Messaging (defined as any mechanism to encrypt SBU data for e-mail), fall under the oversight of Information MITS Cybersecurity Policy and Program Management. See IRM 10.8.1, Information Technology Services (IT) Policy and Guidance.

  4. Modernization & Information Technology Services has final jurisdiction over security policy as it applies to faxing and use of cordless devices. They have concurred with the guidelines on faxing and cordless devices as detailed respectively in subsection above, and IRM, Use of Cell Phones and Cordless Devices.  (03-07-2008)
Voice Mail Systems

  1. Security rules for IRS's Voice Messaging System may be found in IRM,Enterprise Networks, Voice Messaging System, VMS Security.

  2. Currently, IRM, Voice Messaging System Security, states that sensitive information may not be transmitted on IRS voice mail systems. From an IRC § 6103 standpoint, information transmitted on IRS voicemail is secure; the policy is based on security concerns with the voicemail system.

  3. IRM, Leaving Information on Answering Machines/Voice Mail, provides guidance on the use of answering machines/voice mail during taxpayer contacts.  (03-07-2008)
Electronic Mail and Secure Messaging

  1. Some general rules for E-mail and Secure Messaging.

    1. Employees may not use E-mail to transmit SBU data unless they use the IRS Secure Messaging (SM) system. SM allows users to encrypt E-mail messages and attachments for transmission between IRS employees. Both the sender and recipient must have SM in order for the E-mail to be protected.

    2. SBU information includes taxpayer data, Privacy Act protected information, some law enforcement information, and other information protected by statute or regulation. See IRM, Information Protection, Sensitive But Unclassified Information, for an exact definition of SBU.

    3. SBU data may be transmitted to other employees provided the recipient has a need to know the information and release is otherwise consistent with statutory requirements. Note that subject lines are not encrypted and should not contain SBU information.

    4. SBU data may not be sent to parties outside of IRS, including other government agencies , taxpayers, or their representatives. Employees can receive E-mail containing SBU data from taxpayers or their representatives. Employees cannot send E-mails containing SBU data outside the IRS network, even if specifically authorized by the taxpayer. Exceptions must have the approval of Modernization & Information Technology Services Office of Cybersecurity Policy and Program Management. See IRM 10.8.1.

    5. Sensitive law enforcement information must not be transmitted by E-mail, even when encrypted. This includes information related to informants or undercover activities.  (03-07-2008)
Records Management

  1. Records management is the planning, controlling, directing, organizing, training, promoting, and other related activities related to the creation, maintenance, use, and disposition of records for proper documentation of an agency's policies and transactions. Records management in IRS is under the jurisdiction of the IRS Records and Information Management Services (RIMS) Program, part of Agency-wide Shared Services (AWSS).

  2. A Federal record is any recorded information relating to work of an office regardless of the medium, who created the record, or how it was created. Some records are paper documents, but most records are now electronically generated and maintained (e.g., Word, Excel, and E-mail documents). Other types of records include photographs, maps, microfilm and fiche, video and sound recordings, and computer tapes or diskettes, and CDs, DVDs, thumb drives, etc.

  3. The Federal Records Act of 1950, as amended, governs the creation and preservation of government files. Other statutes and policies also apply. IRS works closely with the National Archives and Records Administration to ensure compliance with records management requirements.

  4. IRM 1.15.1, The Records and Information Management Program, IRM 1.15.2, Types of Records and their Life Cycle, IRM 1.15.3, Disposing of Records, and IRM 1.15.7, Files Management, should be consulted for guidance on the records management program.  (03-07-2008)
Security Inspections

  1. In today's climate, security checks are everywhere - IRS offices, airports, and at other buildings IRS employes must access during the performance of official duties.

  2. Certain precautions are needed to mitigate the risk of disclosures that might occur when employees are subject to a security check and their briefcase or suitcase contains tax information or other sensitive data.  (03-07-2008)
Transporting Documents

  1. When carrying sensitive documents, even within IRS buildings, certain steps should be taken to limit the risk of disclosure.

  2. Inadvertent disclosure of confidential data can be avoided by taking a few simple precautions. Employees will:

    1. Carry sensitive information only when necessary.

    2. Protect sensitive information by covering it with a blank piece of paper, placing it in an envelope large enough to cover any tabs or other identifying information and labeling the envelope confidential.  (03-07-2008)
Planning and Consequences

  1. Proper planning, along with consideration of proper security measures, should allow employees to perform their normal duties with minimal disclosure concerns. When a concern arises, Disclosure personnel will help to analyze the issue, alleviate the concern, and advise the employee about the best course of action.

  2. An unauthorized disclosure is considered willful only when it is made voluntarily and intentionally, with full knowledge that it is wrong. Any inadvertent disclosure that might occur when clearing security should not meet the criteria of a willful disclosure when the employee has exercised care.  (03-29-2011)
Redacting Transcripts

  1. Whenever providing tax information to taxpayers or their representatives, it is important to ensure that only authorized information is disclosed.

  2. Often, tax transcripts (including computer printouts) must be sanitized by redacting information that:

    1. Belongs to a different taxpayer,

    2. Includes a type of tax or a period not covered by a disclosure authorization,

    3. Is prohibited by statute from being disclosed (e.g., DIF or SERFE score), or

    4. If released, will impair Federal tax administration.

    Any such redactions must be authorized by a functional employee having authorization to do so. See Delegation Order 11-2 or established functional guidelines on transcript redacting.

  3. Functional IRMs and various sections of IRM 11.3 provide guidance about redacting standards.

  4. While some transcripts are specifically designed for taxpayer use (e.g., RTFTP, MFTRAX, and IRPTRW without the summary sheet) others are not, and require greater scrutiny and deliberation before release to a taxpayer.

  5. Freedom of Information Act redaction guidelines must be followed when applicable. For more information, see IRM 11.3.13, Freedom of Information Act (FOIA).

  6. Disclosure personnel can be consulted with questions regarding redactions.  (03-07-2008)
Office of Special Counsel

  1. The Office of Special Counsel (OSC) is an independent Federal investigative agency whose primary mission is to safeguard the merit system by protecting Federal employees and applicants from prohibited personnel practices, such as reprisal for whistle-blowing. Occasionally in the context of an OSC investigation, or the use of tax information in a court proceeding, a question arises as to whether tax information may be accessed by OSC.


    An IRS employee alleges that his manager retaliated against him for making a complaint that the audit selection process in a particular location was racially discriminatory and OSC opens an investigation. During the investigation, OSC determines that it needs tax information from the employee's case to complete the investigation.

  2. The OSC investigation is a proceeding affecting the personnel rights of the employee. Tax information may be disclosed to the OSC investigator under IRC § 6103(l)(4)(B) if the IRS determines that the disclosure is necessary to advance or protect the interests of the United States. Generally, OSC should be asked to make a written request explaining the reasons why tax information is needed. Data should be stripped of identifiers unless inclusion of identifying information is necessary to advance or protect the interests of the United States. If the investigation's focus turns to the actions of a specific manager, then the OSC investigation is also a proceeding affecting the personnel rights of the manager. At that point, the manager (or his private attorney) may make an IRC § 6103(l)(4)(A) request for relevant and material tax information. Disclosures must be approved by officials having Delegation Order 11-2 authority. For more information on IRC § 6103(l)(4), see IRM 11.3.20, Personnel Records.

  3. The Privacy Act may be involved if OSC requests non-tax information, such as personnel records, from the IRS. Personnel records may be turned over to OSC pursuant to the routine use authority of Treasury/IRS System of Records Notice 36.003, General Personnel and Payroll Records.

Exhibit 11.3.1-1 
Notice 129

Disclosure Limitations
Unauthorized inspection or disclosure, printing, or publishing of any Federal return or return information, or any information therefrom, may be punishable by fine or imprisonment and in the case of Federal officers or employees, dismissal from office or employment. See IRC §§ 7213 and 7213A and 18 U.S.C. section 1905. In addition, IRC § 7431 provides for civil damages for unauthorized disclosure of such information.
Disposition Instructions
Copies of Tax Returns, Related Documents, Abstracts, and Transcripts:
1. Copies provided, together with any additional copies made by the requester, must be returned to the furnishing IRS office unless specific arrangements have been made for their retention in accordance with IRC § 6103(p)(4).
2. Retained copies, other than those that are made part of an official hearing or trial record, must be destroyed after they have served their purpose by shredding, burning, or other process that will render the copies unintelligible.
Magnetic Tapes
Tapes should be degaussed after they have served their purpose.
Department of the Treasury
Internal Revenue Service
Notice 129 (Rev. 12-97)
Catalog Number 45546L

Exhibit 11.3.1-2 
Notice 129A

Disclosure Limitations
Unauthorized inspection or disclosure, printing, or publishing of any Federal return or return information, or any information therefrom, may be punishable by fine or imprisonment and in the case of Federal officers or employees, dismissal from office or employment. See IRC §§ 7213, 7213A, and 18 U.S.C. section 1905. In addition, IRC § 7431 provides for civil damages for unauthorized inspection or disclosure of such information. Tapes should be degaussed after they have served their purpose, disposed of in accordance with Publication 1075 disposition guidelines, or returned to the IRS.
Department of the Treasury
Internal Revenue Service
Notice 129A (Rev. 12-97)
Cat. No. 45547W

More Internal Revenue Manual