11.3.24 Disclosures to Contractors

Manual Transmittal

June 14, 2019


(1) This transmits revised 11.3.24, Disclosure of Official Information, Disclosures to Contractors.

Material Changes

(1) Added internal controls sections numbered IRM through and renumbered subsequent sections accordingly. Titled IRM Program Scope and Objectives, to properly reflect the information communicated in this subsection. Information from prior section, General, was incorporated into this updated section. Also included important information to conform to the new internal and management control standards under the following titles:

  1. IRM, Authority - Incorporated authority information previously found in IRM 11.3.24.

  2. IRM, Roles and Responsibilities - This IRM is applicable for all IRS employees to help comply with the disclosure provisions when official duties require disclosures to contractors.

  3. IRM, Terms/Definitions/Acronyms - Incorporated definitions previously found in IRM and compiled a list of frequently used terms and acronyms regarding disclosures to contractors.

  4. IRM, Related Resources - Added related resources applicable to disclosures to contractors.

(2) Editorial changes have been made throughout to update IRM/statute/organizational references and terms and to provide clarification as needed. Web and citation references were added to make the text easier to research in electronic media.

(3) IRM updated to add a better explanation pertaining to the lack of safeguard provisions for disclosures made under IRC §6103(k)(6).

(4) IRM is revised to add a bullet identifying support services relating to federal tax administration as an activity to be considered under procurement actions as defined in IRC §6103(b)(4). A caution is added that for tax returns and return information, IRC §6103 must authorize disclosure to a contractor regardless of whether the Privacy Act authorizes disclosure.

(5) IRM is revised to add a caution to explain that a provision of the Privacy Act must authorize disclosure either under one of the 12 Privacy Act statutory exceptions that authorize disclosure or there must be a valid written Privacy Act consent that authorizes disclosure. A second caution is added to explain that a contractor and its employees are subject to the Privacy Act’s criminal penalties if the contract is to operate a system of records for the agency.

(6) Updated IRM to include a link to the Privacy Act Systems of Records on the Treasury website.

(7) Updated language in IRM to explain permissible authority under IRC §7513.

(8) Updated IRM to reflect Disclosure’s limited role in compliance reviews and remove reference to obsolete Form 1334.

(9) Updated IRM to reflect the role of Privacy and added ink to IRM

(10) Updated language in IRM to summarize duties of IRS Personnel Security and added link to IRM 10.23.2.

(11) Updated IRM to add a link to IRM, to remove reference to Policy and Procedures Memo 24.1(A) which has been terminated, and add current Internal Revenue Service Acquisition Policy (IRSAP) sections for guidance.

(12) Added IRM to identify the role of Privacy Policy in mandatory privacy briefings to contractors, and added link to IRM 10.5.1.

(13) Added IRM to identify the role of Chief, Procurement in awarding contracts involving the release of SBU information. Added a Note to this section to identify Business Unit responsibilities.

(14) Deleted IRM through (10). These paragraphs are obsolete.

(15) Updated IRM to state that in accordance with Federal Acquisition Regulation, Part 24.102(b), contractors and their employees are considered employees of the agency and are subject to the civil and criminal penalty provisions for violations of the Privacy Act.

(16) Updated IRM to add IRSAP Part 1024 as a resource for records subject to the Privacy Act.

(17) Added IRM to identify IRM as a resource for Privacy Act material in contracts.

(18) Removed IRM as Disclosure no longer conducts Contract Compliance Reviews; renumbered subsequent sections accordingly.

(19) Added language from IRM to IRM to identify written solicitation requirements. Removed remainder of IRM to limit information provided to only Disclosure policy. Subsequent sections renumbered accordingly.

(20) Added IRM to include final regulations allowing contractors to receive IRS summoned information and take testimony of the witness summoned by the IRS.

(21) Updated IRM to include a link to the Restricted Purchase List when using purchase cards for title searches.

(22) Added a Caution to IRM referring back to IRM for more information on the use of IRC §6103(k)(6).

(23) Updated IRM to remove reference to SORNs on webRTS and added information regarding Privacy Act provisions in contracts.

(24) Updated IRM to direct Business Units to *Privacy for contracts involving the Privacy Act or Sensitive But Unclassified (SBU) data.

(25) Updated IRM to add a note identifying examples of SBU information documents.

(26) Updated IRM to add a note referring to IRM

(27) Updated IRM to provide IRM references for Privacy Policy involving SBU data, also deleted obsolete IRSAP Clauses.

(28) Added new section as IRM, Disclosure of Return Information to Whistleblowers, to incorporate the provisions under 26 CFR §301.6103(n)-2.

(29) Updated IRM with updated IRSAP clauses and new IRSAP Procedures Guidance and Information (PGI). Deleted the list of IRSAP clauses contained in IRM thru c). These clauses are obsolete.

(30) Added new section as IRM to provide guidance on published Documents supporting destruction of returns and return information.

Effect on Other Documents

IRM 11.3.24 dated July 22, 2008, is superseded.


All Operating Divisions and Functions.

Effective Date


Related Resources

The Disclosure and Privacy Knowledge Bases can be found at: https://portal.ds.irsnet.gov/sites/vl003/pages/default.aspx.

Phyllis T. Grimes
Director, Governmental Liaison, Disclosure and Safeguards

Program Scope and Objectives

  1. Purpose: This IRM section provides instructions for assuring that IRS contracts involving the inspection or disclosure of Federal tax returns and return information under Internal Revenue Code (IRC) §6103(n), information covered by the Privacy Act of 1974 (Privacy Act), or documents classified as Sensitive But Unclassified (SBU) comply with all applicable laws, regulations and procedures.

  2. Audience: These procedures apply to all IRS employees in connection with official duties related to disclosures to contractors.

  3. Policy Owner: The Governmental Liaison, Disclosure and Safeguards (GLDS) office, under Privacy, Governmental Liaison and Disclosure (PGLD), is the program office responsible for oversight of the Servicewide disclosure to contractor policy.

  4. Program Owner: The Disclosure office, under GLDS, is responsible for oversight of disclosure to contractor processes and procedures. Each IRS organization is responsible for ensuring its employees are aware of and follow these processes and procedures when working with contractors.

  5. Initial contacts with contractors to engage their services and disclosures of tax information necessary in these circumstances are made pursuant to IRC §6103(k)(6) and are discussed in IRM 11.3.21, Investigative Disclosure.

  6. Business offices should structure procurement actions under the authority of IRC §6103(n) rather than under IRC §6103(k)(6). Persons receiving return information under IRC §6103(k)(6) are not subject to the civil and/or criminal penalties for unauthorized accesses or disclosures of return information. Further, IRC §6103(k)(6) does not apply safeguarding and penalty provisions.


  1. IRC §6103(n) permits the Secretary of the Treasury, pursuant to regulations, to disclose returns and return information to any person, including persons described in IRC §7513(a), to the extent necessary in connection with procurement actions for tax administration purposes as defined in IRC §6103(b)(4), such as:

    • Equipment or other property or

    • Services relating to the processing, storage, transmission, and reproduction of returns and return information or

    • Support services relating to federal tax administration or

    • Services relating to the programming, maintenance, repair, testing of equipment or other property or

    • The providing of other services such as tow trucks, locksmiths, appraisers, court reporters and others


    For tax returns and return information, IRC §6103 preempts the Privacy Act. Disclosure of tax returns and return information is controlled by IRC §6103. Returns and return information may not be disclosed to a contractor unless the requirements of IRC §6103 are met (regardless of whether the Privacy Act authorizes disclosure).

  2. Title 26 Code of Federal Regulations (CFR) §301.6103(n)-1 provides that the IRS and the Office of Chief Counsel may disclose returns and return information to contractors pursuant to IRC §6103(n). The regulation also places certain limitations on the disclosures; these are defined in 26 CFR §301.6103(n)-1(b).

  3. 5 U.S.C. §552a(b)(3), Routine Use, authorizes the disclosure of Privacy Act records provided the system of records notice includes appropriate language allowing contractors access to such information. "Disclosure pursuant to IRC §6103" or similar language provides Privacy Act authorization to disclose federal tax information (FTI).


    A contractor and its employees are not considered employees of the Department of the Treasury for purposes of 5 USC § 552a. Therefore, Privacy Act protected records cannot be disclosed to contractors pursuant to 5 USC § 552a(b)(1). Disclosures of such records to contractors may be made only if one of the statutory disclosure provisions applies. The most commonly applicable disclosure provisions are 1) a published “routine use” in the appropriate system of records notice, and 2) written consent to the disclosure from the individual whose records are at issue.


    A contractor and its employees are subject to the Privacy Act’s criminal penalties pursuant to 5 USC § 552a(m)(1) if the contract is to operate a system of records for the agency. The IRS routinely includes disclosure prohibitions in contracts that authorize contractor access to Privacy Act protected records

  4. IRS System of Records Notices are published on Treasury’s website at: https://home.treasury.gov/footer/privacy-act/system-of-records-notices-sorns.

  5. IRC §7513 authorizes the scanning and reproduction of any return, document, or other matter. Title 26 CFR §301.7513-1 details the safeguards in place to protect the scans and reproduced documents from unauthorized use and disclosure.

Roles and Responsibilities

  1. Disclosure, GLDS will support the Office of Procurement and other IRS functions by advising on disclosure law and policy.

  2. Privacy Policy and Compliance, PGLD, has a responsibility to review procurement solicitations involving Privacy Act records, approval of contracts per OMB A-108, as well as training clauses in contracts. Refer to IRM, New Privacy Act Contract Review Requirements, for further information.

  3. Personnel Security, Human Capital Office has the responsibility for conducting investigative processing for contractors and their employees commensurate with the position risk level designation associated with the work to be performed. See IRM 10.23.2, Contractor Investigations.

  4. Cybersecurity, Information Technology (IT) administers policy for conducting mandatory security briefings for contractors. See IRM, IT Security Roles and Responsibilities, Contractor. Also see Internal Revenue Service Acquisition Policy (IRSAP) 1024.9001, Determination of Pre-Award Survey, which references IR1052.224-9001, Mandatory IRS Information Protection and Security Awareness Training Requirements (DEC 2018). In addition there is IRSAP PGI, 1024.9001, Determination of pre-award survey and Pub 4812, Contractor Security Controls.

  5. Privacy Policy and Compliance, PGLD administers policy for mandatory privacy briefings for contractors. See the Personnel Engaged in Procurement Activities and Contractors sections of IRM 10.5.1, Privacy Policy.

  6. Chief, Procurement is responsible for awarding contracts involving the release of SBU information and complying with all applicable laws, regulations and procedures.


    The Business Unit has the responsibility to assign a Contracting Officer’s Representative (COR) to each contract for oversight of the contract and contractor personnel, to ensure the proper handling and release of SBU data.


  1. The tables below list commonly used terms, definitions and acronyms used throughout this IRM section:

    Terms and Definitions

    Term Definition
    Contracting Officer’s Representative An individual designated and authorized in writing by the contracting officer to perform specific technical or administrative functions related to contracts.
    Department of the Treasury Acquisition Procedures Procedures issues to implement and supplement the Federal Acquisition Regulation (FAR) and the Department of the Treasury Acquisition Regulation (DTAR), providing internal IRS guidance.
    Federal Acquisition Regulation The codification and publication of uniform policies and procedures for acquisition by all executive agencies.
    Internal Revenue Service Acquisition Policy Policy issued to implement and supplement the Federal Acquisition Regulation (FAR) and the Department of the Treasury Acquisition Regulation (DTAR), providing internal IRS guidance.
    Procurement Actions Solicitations, contract awards, purchase orders, task orders, delivery orders, modifications, interagency agreements, blanket purchase agreements (BPAs), and simplified acquisitions.
    Routine Use The disclosure of a record for a purpose which is compatible with the purpose for which it was collected as described in the applicable Privacy Act System of Records.
    Sensitive But Unclassified Information Any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under the Privacy Act (5 U.S.C. §552a) but which has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept secret in the interest of national defense or foreign policy.
    Statement of Work A generic term used to provide a description of the work to be performed by the contractor, including purchase descriptions, specifications, commercial item descriptions, or formal or voluntary standards. The SOW describes the agency’s requirements.
    System of Records A group of any records under the control of the Department (IRS) from which information is retrieved by the name of an individual, or by some other identifying number, symbol or particular assigned to an individual.


    Acronym Definition
    CFR Code of Federal Regulations
    COR Contracting Officer’s Representative
    DTAP Department of Treasury Acquisition Procedures
    DTAR Department of Treasury Acquisition Regulation
    FAR Federal Acquisition Regulation
    FTI Federal Tax Information
    GLDS Governmental Liaison, Disclosure and Safeguards
    GRS General Records Schedules
    IPS Integrated Procurement System
    IRC Internal Revenue Code
    IRSAP Internal Revenue Service Acquisition Policy
    IT Information Technology
    NARA National Archive and Records Administration
    NDA Non-Disclosure Agreement
    PGI Procedures, Guidance and Information
    PGLD Privacy, Governmental Liaison and Disclosure
    RCS Records Control Schedules
    SBU Sensitive But Unclassified
    SORN System of Records Notice
    SOW Statement of Work
    USC United States Code

Related Resources

  1. Additional sources of guidance on disclosures of official information and disclosures to contractors may also be found at these related resources:

    • IRM 11.3 series, Disclosure of Official Information

    • Disclosure and Privacy Knowledge Base

    • IRM 11.3.14, Privacy Act General Provisions

    • IRM 11.3.21, Investigative Disclosure


  1. In accordance with 26 CFR §301.6103(n)-1(d), contractors, agents, and subcontractors receiving tax information from the IRS are required to inform their employees, in writing, of the criminal and civil penalty provisions for violations of IRC §7213, IRC §7213A, and IRC §7431.

  2. 26 CFR §301.6103(n)-1(e) requires that safeguard provisions be included in procurement actions involving the disclosure of returns and return information under IRC §6103(n):

    1. Subcontractors and agents of the contractor are held to the same provisions, restrictions and penalties as the primary contractor.

    2. Safeguards for the subcontractors and agents are to be included in their contracts verbatim as contained in the primary contract for work.

  3. 26 CFR §301.7513-1 establishes safeguard requirements for contractors who process and reproduce films or photo impressions.

  4. The FAR, subpart 1.602-1(b), provides that no contract shall be entered into unless the contracting officer ensures that all requirements of law, executive orders, regulations, and all other applicable procedures, including clearances and approvals, have been met.

  5. FAR part 24.102(b) implements the provisions of the Privacy Act. Contractors and their employees who contract for the design, development, operation, or maintenance of a system of records on individuals, on behalf of the IRS to accomplish an IRS function, are considered employees of the agency and are subject to the civil and criminal penalty provisions for violations of the Privacy Act.

    1. Pursuant to FAR, subpart 24.103(b)(1), the contracting officer will ensure that the contract work statement specifically identifies the system of records on individuals and the design, development, or operation work to be performed.

  6. IRSAP Part 1004, Administrative Matters and IRSAP Part 1024, Protection of Privacy and Freedom of Information, provide instructions with respect to procedures to be followed where contractual procurement will be subject to the Privacy Act, the provisions of IRC §6103(n) or where access by a contractor to Sensitive But Unclassified material is contemplated.

  7. For more on Privacy Act contract requirements, see IRM, Federal Acquisition Regulation Specific Privacy Act Training Clause Required in All Contracts Where Contractors Will Have Authorized Access to Privacy Act Information.

Disclosure of Returns and Return Information to Vendors and Expert Services

  1. To enable vendors to fully evaluate the parameters of the work involved when invited to submit a quote, proposal, or bid for a specific requirement, it may become necessary to provide them access to Federal tax returns, return information, or other SBU data at the solicitation phase of an acquisition. In such cases, the written solicitation must conform to the requirements of the IRSAP and incorporate the appropriate safeguarding provisions and Privacy Act clauses.

  2. IRS CORs will ensure full recovery of all SBU data immediately upon completion of its necessitated use during the solicitation stage. Care should be exercised to place a limited time-frame on the length of time it takes for the bidder(s) to use the SBU data.

  3. Under 26 CFR §301.7602-1(b)(3), service contractors to the IRS or the Office of Chief Counsel may receive books, papers, records, or other data summoned by the IRS. Service contractors may, under the guidance of an IRS officer or employee, take testimony of a person the IRS has summoned as a witness to provide testimony under oath.

Disclosure of Returns and Return Information to Students/Trainees

  1. The IRS occasionally hires trainees through participation in certain work programs. Some of the students/trainees are of the "direct-hire" while others are of the "hosting" type.

  2. "Direct-hire" trainees are employed and paid by the IRS and their right of access to returns or return information, when required as part of their duties, is the same as for other IRS employees. See IRC §6103(h)(1).

  3. "Hosting" trainees are hired and paid by non-Treasury Department organizations and assigned by these organizations to the IRS for training. They may not be given access to tax returns or return information or information governed by the Privacy Act.


    If these trainees qualify as "students" under IRM, those rules will govern.

  4. Uncompensated student volunteers have been deemed by statute (5 U.S.C. §3111) to be Treasury and/or IRS employees for purposes of both the Privacy Act and IRC §6103. As such, disclosures are permissible. However, the student must meet the following criteria.

    • Qualify as a Student - A student is defined as "an individual who is enrolled, not less than half-time, in a high school, trade school, technical or vocational institute, junior college, college, university, or comparable recognized educational institution." Individuals from high schools or above who participate in a formal program with the IRS as part of their curriculum are considered student volunteers. To qualify, they must obtain the permission of the institution where they are enrolled as part of a program to provide educational experiences for students. They must be "uncompensated" and may not be used to displace any employee. Counsel has clarified the definition of uncompensated. Student volunteers compensated by other than Federal funds are considered uncompensated for 5 U.S.C. §3111 purposes.


      Volunteers from other organizations or welfare to work programs do not qualify for access to IRC §6103 or Privacy Act data.

Disclosure of Returns and Return Information to Assistors of Disabled Employees

  1. The IRS hires a considerable number of disabled employees. To effectively use the skills of these individuals it is often necessary that they be assisted by non-IRS personnel. Several Federal, state and local agencies provide assistors at no cost to the IRS.

  2. Under 5 U.S.C. §3102(b), these assistors can be "hired" by IRS and are permitted to have access to returns or return information, under IRC §6103(h)(1), subject to its requirements, even if they are uncompensated by IRS.

Disclosure of Return Information to Title Search Companies

  1. The IRS procures the vast majority of title searches by use of contracts or purchase orders pursuant to IRC §6103(n).

  2. When low volume, rare, exigent circumstances exist, purchase cards may be used, rather than contracts or purchase orders, to procure title searches. See the Restricted Purchase List for more information. The disclosures will be pursuant to IRC §6103(k)(6), investigative disclosures, and the IRS business office/unit must:

    1. Incur very few needs for title searches on a monthly basis

    2. Demonstrate that vigorous, real effort has been made to procure a contract for title searches and

    3. Thoroughly document that no company contacted is willing (obtain written refusal where possible) to enter such a contract


    Every effort should be made to locate a vendor (or vendors) who will enter into a contractual agreement (purchase order) to provide title searches upon request, for a specified geographical area.


    See IRM for more information on the use of IRC §6103(k)(6).

Appraisers, Court Reporter and Interpreter Services

  1. Procurement actions involving the use of appraisers, court reporters, interpreters, and others must follow the contract requirement provisions for Privacy Act, statutes governing release of returns and return information, and SBU data found elsewhere in this IRM.

  2. Business units should email *Privacy for assistance with procurements involving Privacy Act and SBU data.

  3. It is important that the system of records notice routine use contains the appropriate language to permit disclosing Privacy Act records to a contractor. See IRM

Contracts Involving Disclosure of Other "Sensitive But Unclassified Information" (SBU) or formerly Official Use Only Documents

  1. Other SBU information, not Privacy Act or return information, may be disclosed to contractors when it is determined that such access is necessary to properly perform assigned tasks.

  2. This other type of SBU material is that information not protected by either the Privacy Act or the statutes governing release of returns and return information.


    Examples of this type of SBU information includes, but is not limited to: IRMs, training guides, memoranda, reports, testimony, deliberations, maps, drawings, schematics, plans, assessments, etc.

  3. SBU documents are the property of the IRS, and are construed to be "a thing of value" protected by statute (18 U.S.C. §641, as modified by 18 U.S.C. §3571).

  4. Access to SBU documents will not be routinely granted to contractors. Each case must be decided on its own merit, with the needs of the IRS being the foremost consideration.


    See IRM, Execution of Non-Disclosure Agreement (NDA), for an example of an NDA.

  5. For more information, refer to the SBU Data section of IRM 10.5.1, Privacy Policy and the Staff-Like Access section of IRM 10.23.2, Contractor Investigations.

Disclosure of Return Information to Whistleblowers

  1. Under IRC §6103(n), IRC §7623, and 26 CFR §301.6103(n)-2, Disclosure of return information in connection with written contracts among the IRS, whistleblowers, and legal representatives of whistleblowers, IRS employees are authorized to disclose return information to a whistleblower and their legal representative, to the extent necessary in connection with a written contract between the Internal Revenue Service (IRS), the whistleblower and their legal representative, for services relating to the detection of violations of the internal revenue laws or related statutes.

  2. Disclosures may include, but are not limited to, disclosures to obtain information related to the subject of the whistleblower’s claim that is otherwise unavailable, similar in nature to disclosures under IRC §6103(k)(6) and the applicable regulations.

  3. Upon written request by a whistleblower, or a legal representative of a whistleblower, with whom the IRS has entered into a written contract for services as described in 26 CFR §301.6103(n)-2(a)(1), the Director of the Whistleblower Office, or designee of the Director, may inform the whistleblower and, if applicable, the legal representative of the whistleblower of the following:

    • The status of the whistleblower's claim for award under section 7623

    • Whether the claim is being evaluated for potential investigative action, or

    • Whether the claim is pending due to an ongoing examination, appeal, collection action, or litigation


    The information may be disclosed only if the IRS determines that the disclosure would not seriously impair Federal tax administration.

  4. Any whistleblower, or legal representative of a whistleblower, who receives return information under this section, is subject to the civil and criminal penalty provisions of IRC §7431, §7213, and §7213A for the unauthorized inspection or disclosure of the return information.

Destruction of Returns and Return Information

  1. Contracts for the destruction of tax information falls within the scope of IRC §6103(n).

    1. A contractual agreement, in compliance with IRC §6103(n), is required if tax information to be destroyed does not remain in sealed containers or is otherwise protected from view by the contractor during the destruction process

  2. IRSAP 1052.224-9000, Safeguards Against Unauthorized Disclosure of Sensitive but Unclassified Information (Rev. Dec. 2018), should be included when procuring services for the destruction of sensitive but unclassified information. See IRSAP 1024.9001, Determination of Pre-Award Survey, which references IR1052.224-9000, Safeguards Against Unauthorized Disclosure of Sensitive but Unclassified Information (DEC 2018). In addition there is IRSAP PGI 1024.9001, Determination of pre-award survey.

  3. Ensure IRS records, hard copy and electronic including those containing SBU data, are managed appropriately and in accordance with Document 12990, Records and Information Management Records Control Schedules (RCS), and Document 12829, General Records Schedules (GRS). Document 12829 as approved records disposition by the National Archives and Records Administration (NARA) to prevent unauthorized/unlawful destruction of records. Refer to IRMs 1.15, Records and Information Management series for further records retention guidance.