11.3.17 Privacy Act Recordkeeping Restrictions

Manual Transmittal

September 12, 2013


(1) This manual, IRM 11.3.17, Disclosure of Official Information, Privacy Act Recordkeeping Restrictions was reviewed on May 31, 2013, and determined to be technically accurate. It is being reissued as a non-procedural update and includes web link updates and links to citation references.

Material Changes

(1) Editorial changes have been made throughout to update IRM/statute/organizational references and terms. Web references were added/updated throughout to make the text easier to research in electronic media.

Effect on Other Documents

This material supersedes IRM 11.3.17, Disclosure of Official Information, Privacy Act Recordkeeping Restrictions dated March 31, 2008.


All Operating Divisions and Functions.

Effective Date


Related Resources

The Governmental Liaison and Disclosure intranet home page can be found at:

Gregory T. Ricketts
Acting Director, Governmental Liaison and Disclosure


  1. The Privacy Act of 1974 provides that agencies will maintain no record describing how any individual exercises rights guaranteed by the First Amendment unless:

    1. Expressly authorized by statute;

    2. Expressly authorized by the individual about whom the record is maintained; or

    3. Pertinent to and within the scope of an authorized law enforcement activity.

  2. The First Amendment states:

    "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof, or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for redress of grievances."

  3. Congress intended that in determining whether or not a particular activity constitutes the exercise of a right guaranteed by the First Amendment, agencies should apply the broadest reasonable interpretation.

  4. No file should be kept of persons who are merely exercising their constitutional rights. See IRM below for types of records that may be kept.

  5. Voluntary compliance with the tax laws necessitates maintaining the highest possible degree of public confidence in the integrity of the IRS. The IRS, therefore, has a special responsibility to respect the rights of taxpayers concerning this aspect of the Privacy Act.


  1. All IRS employees involved in the design, development, operation, or maintenance of any system of records subject to the Privacy Act should be aware of the requirement prohibiting the maintenance of exercise of First Amendment information and should be alert to any potential violation of that prohibition.

  2. Employees recognizing any questionable practices in regard to this prohibition should report the details, through channels, to the official responsible for prescribing the system of records, for evaluation and correction.

  3. Employees receiving any inquiry from a member of the public questioning the content of any system of records in regard to the exercise of First Amendment rights should forward the inquiry, with a memorandum providing any available background information, through channels, to the managing official for response and appropriate action.

  4. Officials requiring guidance concerning the legality of any information being recorded in a system of records under their control should seek the assistance of the Disclosure Manager (in the case of field officials) or the Director, GLD (in the case of Headquarters officials).

  5. All supervisory or other personnel having review responsibilities for case records should be alert to First Amendment considerations and include them in their reviews.

Permissible Records

  1. Records describing the exercise of First Amendment rights may be maintained only if one of the following conditions is met.

    1. A statute specifically authorizes it.

      1) Specific authorization means that a statute explicitly provides that an agency may maintain records on activities whose exercise is covered by the First Amendment; not merely that the agency is authorized to establish a system of records.
      2) The statute need not specifically address the maintenance of records of First Amendment activities if it specifies that such activities are relevant to a determination concerning the individual.


      Taxpayers are required to provide information necessary to verify deductions on their tax returns. Such information may be recorded although, in some instances, it may reveal how individuals exercise their First Amendment rights; such as, religious affiliation, group membership, or political preference.

    2. The individual expressly authorizes it.


      IRS employees may offer information concerning their activities in a community group in order to enhance their chances for advancement by demonstrating the acquisition of some specialized experience or leadership skill.

    3. The record is required by the agency for an authorized law enforcement function. Congress intended to make certain that political and religious activities are not used as a cover for illegal activities.


      Individuals who advocate, or who are active in organizations that advocate, noncompliance with the tax laws may reasonably be considered as possibly being involved in actual violations of the tax laws. Appropriate records of such activities may be maintained for compliance purposes.

Equal Treatment

  1. The impetus of this section of the Privacy Act is that all persons should be treated fairly and equally under applicable laws. The absence of First Amendment information from agency records helps to prevent selective treatment of persons on the basis of religion, opinion or group membership.

  2. IRS employees are responsible for avoiding any possible inference of selective treatment of taxpayers on the basis of their exercise of First Amendment rights.

Collecting Information Relating to Individuals from Third Party Sources

  1. Subsection (e)(2) of the Privacy Act of 1974 states that an agency should:

    "Collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual’s rights, benefits and privileges under Federal programs."

  2. This provision stems from a concern that information obtained from third party sources could be erroneous, outdated, irrelevant, or biased.

  3. This provision establishes that decisions under Federal programs that affect an individual should be made on the basis of information supplied by that individual, but recognizes the practical limitations by qualifying the requirement with the words "to the extent practicable."

Inquiries Affected

  1. Most inquiries made by the IRS, both in determining tax liability and in dealing with its employees, are subject to the requirement of subsection (e)(2).

  2. Inquiries in connection with criminal investigations, that are maintained as systems of records exempt under subsection (j)(2) of the Privacy Act, are not subject to the requirements of subsection (e)(2).

  3. Although the IRS will "collect information to the greatest extent practicable directly from the subject individual," it is recognized that compliance with internal revenue laws cannot be determined solely with reference to information on returns and documents filed with the IRS and that the IRS will have to obtain information from outside sources.

  4. Inquiries to third parties in connection with the gathering, solicitation and documentation of evidence necessary in developing cases that have been assigned for collection of taxes or examination or investigation of a tax liability, will continue to be governed by the guidelines set forth in those portions of the Internal Revenue Manual (IRM) that relate to the collection of information from third-party sources including IRM 11.3.14, Privacy Act General Provisions, reference, Controlling Information From Third Parties. See IRC § 7602 for rules relating to recordations of third party contacts. (See also IRM 11.3.21, Investigative Disclosure.)


  1. Officials responsible for systems of records which contain information collected from third-party sources should include in their periodic review of procedures consideration of whether their practices are consistent with the intent of subsection (e)(2) of the Privacy Act and IRM, Privacy Act General Provisions .

  2. This consideration should include a review of those portions of the IRM that relate to the collection of information from third-party sources.

Practical Considerations

  1. In analyzing each situation in which personal information is collected from a third-party source, each functional activity should consider the following:

    1. The nature of the program, i.e., it may well be that the kind of information needed can only be obtained from a third party, such as investigations where the taxpayer’s records are not available.

    2. The cost of collecting the information directly from the individual as compared with the cost of collecting it from a third party.

    3. The risk that the particular elements of information proposed to be collected from third parties, if inaccurate, could result in an adverse determination.

    4. The need to ensure the accuracy of information supplied by an individual by verifying it with a third party or to obtain a qualitative assessment (e.g., in verifying information submitted on a tax return or in connection with the review of an application for employment).

    5. The opportunities for verifying, whenever practicable, any such third-party information by consulting with the individual before making a determination based on third-party information.

  2. The objective, however, should be to obtain information directly from the individual involved whenever it is practical to do so.

Restrictions on the Maintenance of Information About Individuals

  1. Subsection (e)(1) of the Privacy Act of 1974 provides that each agency that maintains a system of records shall:

    "Maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by executive order of the President."

  2. This provision is intended to reduce the amount of personal information collected by Federal agencies, thus reducing the risk of intentional or inadvertent improper use of personal data.


  1. The term maintain includes - retention, collection, use, and dissemination.

  2. The term relevant means - pertinent to and bearing upon the matter at hand.

  3. The term necessary means - requisite or needful in accomplishing a given task.

Records Affected

  1. Subsection (e)(1) of the Privacy Act is applicable to all records maintained by the IRS (including those pertaining to taxpayers, IRS employees, and other individuals) unless otherwise exempted.

  2. The IRS has asserted exemptions provided by the Privacy Act with regard to subsection (e)(1) for various systems of records.

  3. The exempt systems are primarily those that are investigative in nature and have been exempted in order to permit an orderly collection of data without challenge until such time as the relevance and necessity of the data has been determined. It is not possible to determine the relevance or necessity of specific information during the early stages of an investigation. Relevance and necessity are questions of judgment and timing. What appears relevant and necessary when collected may subsequently be determined to be irrelevant or unnecessary. It is only after the information is evaluated that the relevance and necessity of such information can be established with certainty.

  4. When information is received by the IRS relating to violations of law within the jurisdiction of other agencies, the IRS maintains this information in order to forward the material to the appropriate agencies and/or to respond to valid requests from those agencies to the extent provided by law or regulation.

  5. The handwritten notes of an agent taken during the interview of a witness continue to be relevant and necessary, and should not be destroyed even though they may have been included in a formal report. Court decisions have held that such notes must be preserved and are discoverable.

  6. The IRS will limit its inquiries to information that is necessary for the enforcement and administration of tax laws and the internal administration of the IRS.

  7. Although it may have been necessary to exempt some systems of records from subsection (e)(1), the principles of relevance and necessity nevertheless remain applicable to all records to the extent that we are able to apply them. These provisions will be applied to exempt systems of records to the extent that it is practical to do so.


    Employees should not collect, maintain, use or disseminate non-tax related information concerning taxpayers, except as necessary for the enforcement and administration of the internal revenue laws.


  1. In order for the IRS to maintain information in its records, the information must serve a purpose that is required by statute or executive order of the President.

  2. The authority of the IRS to maintain a system of records does not give it the authority to maintain any information which is merely useful, may information be maintained merely because it is relevant. The information must be both relevant and necessary to accomplish the authorized purpose for which it is maintained.

  3. In the final analysis, a determination that information is relevant and necessary is judgmental. Such judgments should, however, be based upon a realistic evaluation of the purpose to be served by the information being maintained and a sound understanding of the principles underlying the Privacy Act.

  4. The standards used to define necessity and relevance will vary widely depending upon the type of activity involved and the specific needs of a particular type of case.

  5. Some examples of factors that may be considered in determining whether information is relevant and necessary are listed below.

    1. How does the information relate to the legal purpose for which the system is maintained?

    2. What are the adverse consequences, if any, of not collecting this particular information?

    3. Could the need be met through the use of information not in individually identifiable form?

    4. Does the information need to be collected on every individual who is the subject of a record in the system, or would a sampling procedure suffice?

    5. At what point will the information have satisfied the purpose for which it was collected, i.e., how long is it necessary to retain the information?

    6. Is the information, while generally relevant and necessary to accomplish a statutory purpose, specifically relevant and necessary only in certain areas?

  6. In addition to providing a standard that protects the privacy of the individual, the concepts of relevance and necessity can contribute to effective operations. The maintenance of information that is not relevant and necessary constitutes an ineffective use of IRS resources, that should be avoided. This standard can therefore be useful in promoting efficiency and good management.

  7. This provision is not intended, however, to interfere with the maintenance, evaluation, or presentation of evidence in civil or criminal matters.

Actions to be Taken

  1. A detailed review of the contents of each record within a system is not required and should not be attempted. It is important, however, that we consider the legality, relevance, and necessity of the general categories of information maintained to ensure compliance with the Act.

  2. A review of systems of records to ensure compliance with these requirements should be made:

    1. In connection with the initial design of a new system of records;

    2. Whenever any change is proposed to an existing system of records;

    3. As part of the republication of the Notice of Systems of Records;

    4. Whenever an individual requests deletion of information on the basis that it is not relevant and necessary; and


      Review of such request should cause the Disclosure Manager to consider whether the inappropriate information constitutes an isolated occurrence or is characteristic of the system of records. If the inclusion of inappropriate information appears to be characteristic of the system of records or sufficiently widespread to warrant broad remedial action, the Disclosure Manager should report his/her findings to the Director, GLD, for referral to the official responsible for prescribing the system of records who will take appropriate action.

    5. Whenever information indicative of a need for such review is received by the official responsible for prescribing the system of records.

  3. All IRS employees involved in the design, development, operation, or maintenance of any system of records subject to the Privacy Act should be aware of the provisions concerning the legality, relevance and necessity of information maintained concerning an individual.

  4. Employees recognizing any questionable or undesirable practices in regard to these provisions should report the details, through channels, to the official prescribing the system of records for evaluation and appropriate action.

  5. Each Headquarters official who prescribes the maintenance of a system of records or issues IRM instructions to employees involved in the design, development, operation, or maintenance of any system of records, should expand such instructions to include appropriate or necessary guidance to achieve compliance with the relevance and necessity provisions of the Privacy Act, as outlined in (6) and (7) below.

  6. Automated systems of records characteristically involve a limited number of data elements that are applicable to a large number of records. The inclusion of inappropriate information therefore tends to be characteristic of any system of records in which it occurs. Emphasis should be placed upon proper evaluation of the information to be recorded at the time the system is designed or updated. Since all the data elements to be included are known at the time of initial design, careful consideration of each element should result in an extremely high degree of compliance with the Privacy Act requirements.

  7. Systems of records that consist primarily of information entered upon preprinted forms require a somewhat different approach. Emphasis should be placed upon the design of the form, that should request only relevant and necessary information. In addition to designing or revising forms, consideration of these aspects must also be included in the instructions on the use and preparation of the forms.

  8. Far more complex problems exist when a system of records consists of information that was gathered by personal interviews or investigative procedures and recorded in narrative form. The unstructured nature of such information gathering creates a risk of abuse in individual instances, that is difficult to detect and correct. Instructions for designing or maintaining such records should stress the following:

    1. Guidelines to assist employees in conforming with the relevance and necessary provisions, keeping in mind the wide variance between activities and the specific needs of particular types of cases. Guidelines should, to the extent possible, help prevent inappropriate inquiries without hampering investigative techniques.

    2. Every employee engaged in investigative inquiries is expected to use mature judgment and to exercise self-discipline in determining the types of information to be requested and recorded.

    3. Extreme caution should be used when dealing with information of a highly personal nature relating to the relationships between individuals or personal activities that would not generally be made public by the individual involved.

    4. The mere fact that a person volunteers personal information does not serve as authority to record it, as it may nevertheless be irrelevant and unnecessary.

    5. In a pluralistic society, employees may have contact with individuals who follow a variety of life styles, some of which may involve relationships or practices that may seem strange or even abhorrent to the investigator. Such factors would not generally be tax related, and information concerning them should not be collected unless it can be shown to be relevant and necessary to a particular case.

    6. If possible, opinions or subjective impressions of individuals should generally be avoided. However, certain cases may require recording such impressions, especially those involving potential assaults upon IRS personnel, cases located in high crime areas, cases pertaining to uncollectible accounts, and cases recommending further investigation. Opinions or subjective impressions should be specifically identified as such, and, whenever appropriate, be accompanied by factual substantiation.


      Extreme caution should be used when dealing with information of a highly personal nature relating to the relationships between individuals or personal activities that would not generally be made public by the individual involved.

    7. Existing supervisory or other review procedures should be utilized to identify instances of employees maintaining information that is not relevant or necessary. If a record is created or discovered that is irrelevant to the system of records (SOR), in which it is currently filed, it should be removed from the SOR and placed in the correct filing or recordkeeping location. Do not dispose of the record until its authorized destruction date (if there is one) as identified in either the NARA General Records Schedules or IRM 1.15.2, Records Management - Types of Records and Their Life Cycle,IRS - Records Control Schedule. If erroneous or incorrect information is discovered, it should be corrected and the file annotated, to indicate the date the correction was made. Reviewers should advise employees of the irrelevant entry to assist them in clearly understanding the meaning and importance of relevance and necessity; and whatever trends are identified, make recommendations to the responsible official for further guidelines or other corrective actions.

    8. In appropriate situations, awareness and responsiveness to Privacy Act principles should be developed as factors for use in employee evaluations.

Individual Recourse

  1. Any employee who believes he or she has been directed to maintain a record that is not relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by executive order of the President or to maintain a record describing how any individual exercises rights guaranteed by the First Amendment (except as provided by the Privacy Act), or who otherwise believes he or she has been directed to violate the Privacy Act of 1974, should bring such matter to the attention of his or her immediate supervisor.

  2. Supervisors requiring assistance in responding to inquiries pursuant to (1) above should refer the matter to the Disclosure Manager for possible referral to the Director, GLD.

  3. Any employee and/or supervisor who has complied with (1) or (2) above and is not satisfied with the response or who prefers not to comply with the above, may submit an allegation of violation of the Privacy Act directly to the Treasury Inspector General for Tax Administration.

Privacy Act Requirement to Maintain Accurate, Relevant, Timely and Complete Records

  1. Subsection (e)(5) of the Privacy Act of 1974 provides that each agency that maintains a system of records shall:

    "... Maintain all records that are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination."

    1. The objective of this provision is to minimize, if not eliminate, the risk that an agency will make an adverse determination about an individual on the basis of inaccurate, incomplete, irrelevant or out-of-date records.

    2. The term determination means any decision affecting the individual that is in whole or in part based on information contained in the record and that is made by any person or any agency.

    3. The phrase as is reasonably necessary recognizes the difficulty of establishing absolute standards of data quality.


      Emphasis is placed on assuming the quality of the record in terms of its use in making decisions affecting the rights, benefits, entitlements, or opportunities (including employment) of the individual. Accordingly, it is at the time of making a determination that the standards need to be applied.

  2. Subsection (e)(6) of the Privacy Act of 1974 provides that:

    "... prior to disseminating any record about any individual to any person other than an agency, unless the dissemination is made pursuant to subsection (b)(2) of this section (the Freedom of Information Act), make reasonable efforts to assure that such records are accurate, complete, timely, and relevant for agency purposes."

    1. The primary objective of this provision is to assure the quality of records disclosed to persons that are not subject to the provisions of subsection (e)(5).


      It is, therefore applicable, whenever a disclosure is made to a person other than the individual to whom it pertains.

    2. The provision also recognizes that information disclosed to other agencies is subject to the standards of accuracy, etc., established by those agencies.


      Therefore, this provision does not apply to disclosures made to an agency.

    3. The term agency includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.


      Technical employees such as Revenue Agents and Revenue Officers should be advised to keep their files clean of unrelated materials.


      When employees print information from services such as ChoicePoint, Accurint, yK1 or other such system, they should immediately discard all material on unrelated parties unless such information is functionally declared necessary (e.g., to detail specific search methodology).

Exempt Systems

  1. Various systems of records have been designated exempt under subsection (j)(2) from the provisions of subsection (e)(5) of the Privacy Act.

  2. All systems of records are subject to the provisions of subsection (e)(6) of the Privacy Act.

Actions Required

  1. Privacy Act instructions are applicable to all employees who maintain, collect, use or disseminate information about individuals in published systems of records.

  2. When information is put into any system, the language should be carefully phrased so as not to misrepresent the facts, or be subject to an inaccurate or misleading interpretation.


    Statements made by witnesses about an individual should be reflected as such and should not be indicated as established facts.

  3. Information collected should be relevant, timely, and complete.

  4. Information put into IRS records should relate to some matter that the IRS is authorized and required to maintain in order to carry out its lawful mission.


    Information maintained about employees should relate only to their employment.

  5. Completeness is vital in order not to misrepresent or to be unfair, or to present an unfair picture of a situation which could result in a determination harmful to the rights of the individual.

    1. Caution:

      Employees should be careful in meeting the completeness standard in that they should not collect irrelevant or unnecessary information. Records should include only those elements of information that clearly bear on the determination for which the records are intended to be used, but should include all elements necessary for the determination to be made.

  6. Prior to disseminating any record about an individual to a person (not an agency) other than the individual to whom it pertains, make reasonable efforts to assure that the requirements of subsection (e)(6) relating to accuracy, completeness, timeliness, and relevance have been fulfilled and that the record relates to the purposes of the IRS.

  7. Any record disclosed must be as accurate as when the IRS made the determination about the individual. If the information does not meet this standard, the record must be corrected before dissemination.

  8. The actions required by (6) and (7) do not lend themselves to specific periodic actions. However, this does not reduce the importance of IRS responsibility to comply with the provisions.

    1. Meeting the demands of these provisions will require all employees to have an awareness of the rights of individuals.

    2. Employees must be alert to the fact that notations made and actions taken may have far-reaching effects.

    3. Employees should make every effort to ensure that the records they help to create would not result in an unfair determination about any individual.