25.23.1 Identity Protection and Victim Assistance - Policy Guidance

Manual Transmittal

September 17, 2019

Purpose

(1) Guidance in IRM 25.23.1 is designated for identity theft victim assistance policy servicewide.

Material Changes

(1) Editorial changes have been made throughout the IRM to clarify language and improve information delivery.

(2) IPU 18U1410 issued 11-01-2018 IRM 25.23.1.3 Wage and Investment - Accounts Management - Identity Protection Strategy and Oversight (IPSO) added information about Identity Protection and changed title.

(3) IPU 18U1410 issued 11-01-2018 IRM 25.23.1.3.1 Identity Protection (IP) Program Responsibilities changed title

(4) IPU 18U1410 issued 11-01-2018 IRM 25.23.1.4 Identity Theft and the IRS corrected link.

(5) IPU 18U1410 issued 11-01-2018 IRM 25.23.1.5 IRS Employees Who May be Victims of Tax-Related Identity Theft corrected link.

(6) IPU 18U1549 issued 12-18-2018 IRM 25.23.1.3 Wage and Investment - Accounts Management - Identity Protection Strategy and Oversight (IPSO) removed bullet.

(7) IRM 25.23.1.1.1 Key Definitions corrected example.

(8) IRM 25.23.1.1.2 Related Internal Revenue Manuals (IRM) and other Reference Materials updated IRM titles.

(9) IRM 25.23.1.3 Wage and Investment - Accounts Management - Identity Protection Strategy and Oversight (IPSO) renamed IDTVA-C to Specialty Resolution and corrected RICS title.

(10) IRM 25.23.1.3.1 Identity Protection (IP) Program Responsibilities removed ITAG reference.

(11) IRM 25.23.1.6. Identity Protection and Victim Assistance Initiatives removed ITAG and TWG reference.

(12) IRM 25.23.1.6.1 Awareness Training and Education replaced section

(13) Exhibit 25.23.1-1 Glossary of Identity Protection Terms and Definitions clarified Employment Related Identity Theft definition and .removed ITAG and TWG reference.

(14) Exhibit 25.23.1-2 References updated IRM titles.

Effect on Other Documents

IRM 25.23.1 dated September 19, 2018 is superseded and includes IPU 18U1410 issued 11-01-2018 and IPU 18U1549 issued 12-18-2018.

Audience

The provisions in this manual apply to all divisions, functional units, employees, and contractors within the IRS working identity theft cases.

Effective Date

(10-01-2019)

Karen A. Michaels
Director, Accounts Management
Wage and Investment Division

Internal Controls

  1. Purpose: This manual defines the mission, objectives, and governance structure of the Identity Protection and Victim Assistance Program. It provides the organizational framework for carrying out specific policies and procedures aimed at preventing identity theft, protecting taxpayers and providing assistance to victims of identity theft.

  2. Scope: The provisions in this manual apply Servicewide.

  3. Audience: The primary users of the IRM are anyone working identity theft inventory and providing assistance to victims of identity theft.

  4. Policy Owner: The Director of Accounts Management.

Key Definitions

  1. IMF Identity Theft- A fraud that is committed or attempted, using a person's identifying information without authority.

    Example:

    Identity Theft: For tax year 2015, the taxpayer filed his own return and did not use a preparer. However, unbeknownst to the taxpayer, the preparer he used in 2014, filed a 2015 return using the victim’s SSN without his permission. For his 2015 account, the taxpayer was a victim of identity theft.

    Caution:

    Do not confuse preparer misconduct with identity theft. For cases involving preparer misconduct refer to IRM 25.24, Return Preparer Misconduct Program, for additional information.

    Example:

    Identity Theft: The taxpayer calls the IRS inquiring about his refund only to be informed the refund was offset to a previous year’s balance due. The taxpayer was unaware of a balance due. After further research, the CSR determines the balance due is a result of an AUR assessment under the taxpayer’s TIN. The taxpayer is claiming to have no knowledge of the notices issued related to these actions nor the income being reported under his TIN for a previous year. The taxpayer suspects he may be a victim of identity theft.

  2. BMF Identity Theft- Is defined as creating, using, or attempting to use a business’ identifying information without authority to obtain tax benefits:

    Example:

    Identity Theft: An identity thief files a business tax return (Form 1120, Form 720, etc.), using the Employer Identification Number (EIN) of an active or inactive business without the permission or knowledge of the EIN’s owner, to obtain a fraudulent refund.

    Example:

    Identity Theft: An identity thief, using the Employer Identification Number (EIN) of an active or inactive business without the permission or knowledge of the EIN’s owner, files bogus Forms 941 and/or W-2s to support bogus Form(s) 1040 claiming a fraudulent refund.

    Example:

    Identity Theft: An identity thief fraudulently obtains an EIN, using the name and social security number of another individual as the responsible party, without their approval or knowledge, to file fraudulent tax returns (Form 941, Form 1120, Form 1041, etc.), obtain a refund, or further perpetuate individual identity theft or refund fraud.

  3. Preparer Misconduct: Return preparer misconduct generally involves the orchestrated preparation and filing of false income tax returns (in either paper or electronic form), including Form 1040X, by unscrupulous preparers who may change direct deposit information or claim, for example:

    • Inflated personal or business expenses;

    • False deductions;

    • Unallowable credits;

    • Excessive exemptions; or

    • Fraudulent tax credits such as the Earned Income Tax Credit (EITC).

    The preparer's clients may or may not have knowledge of the false expenses, deductions, exemptions and/or credits shown on their tax returns.

    Example:

    A taxpayer used a preparer in 2015 to prepare and file Form 1040. The preparer changed the return by increasing the withholding tax claimed and diverted the resulting refund into the preparer’s personal account. This is preparer misconduct. The AC 504 is input with an RPM related MISC Code For cases involving return preparer misconduct, refer to IRM 25.24, Return Preparer Misconduct Program, for guidance.

    Note:

    Refer to your functional IRM for guidance on resolving preparer misconduct cases.

  4. Personally Identifiable Information (PII). Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. Safeguarding and preventing the unauthorized disclosure of PII is a responsibility that is shared by all Internal Revenue Service (IRS) employees and contractors. Lost or disclosed PII may be used to perpetrate identity theft or other forms of fraud if the information falls into unauthorized hands. The definition of personally identifiable information is provided by OMB 07-16. For further information about PII, see the Personally Identifiable Information page in the Disclosure and Privacy Knowledge Base.

  5. Incident - The term “incident” refers to an occurrence or event involving identity theft as it applies to a specific tax year(s) as reported by the taxpayer.

  6. Data Breach - is an unauthorized release of PII. Not all data breaches impose a risk to tax-related identity theft. For internal data breaches, refer to IRM 10.5.4.5, IRS Breach Tracking Indicator - Objectives.

  7. For a full listing of Identity Protection terms, see Exhibit 25.23.1-1, Glossary of Identity Protection Terms and Definition.

Related Internal Revenue Manuals (IRM) and other Reference Materials

  1. Throughout IRM 25.23.1,Identity Protection and Victim Assistance - Policy Guidance, there are links/references to other IRMs for handling program specific issues.

  2. Employees/CSRs are responsible for familiarizing themselves with and utilizing all linked/referenced IRMs, as appropriate. This includes, but is not limited to sections, within the following:

    • IRM 2, Information Technology

    • IRM 3, Submission Processing

    • IRM 4, Examining Process

    • IRM 5, Collecting Process

    • IRM 10.5, Security, Privacy and Assurance

    • IRM 11.3, Disclosure of Official Information

    • IRM 13, Taxpayer Advocate Service

    • IRM 20, Penalty and Interest

    • IRM 21, Customer Account Services

    • IRM 25, Special Topics

    In addition, this IRM links to these IDTVA function specific IRMs

    • IRM 25.23.2, Identity Protection and Victim Assistance - General Case Processing

    • IRM 25.23.3,IMF Identity Protection Specialized Unit (IPSU) Paper Overview and Guidance

    • IRM 25.23.4, IDTVA Paper Process

    • IRM 25.23.9, BMF Identity Theft Processing

    • IRM 25.23.10, Compliance Identity Theft Case Processing

    • IRM 25.23.11, Business Master File (BMF) Identity Theft Procedures for Accounts Management

    • IRM 25.23.12, IMF Identity Theft Toll-Free Guidance

    • IRM 25.24.1, Return Preparer Misconduct Victim Assistance - General Overview

    • IRM 25.24.2, Return Preparer Misconduct Victim Assistance Specialized Accounts Management Processing

Background of the Identity Protection Program

  1. Identity theft places a burden on its victims and presents a challenge to businesses, organizations and government agencies, including the Internal Revenue Service (IRS).

  2. The IRS combats tax-related identity theft with an aggressive strategy of prevention, detection and victim assistance. Stopping identity theft and refund fraud is a top priority for the IRS.

  3. Identity theft cases are among the most complex handled by the IRS. The IRS is continually reviewing processes and policies to minimize the incidence of identity theft and to help those who find themselves victimized.

  4. In FY 2013, the IRS opted to develop specialized teams trained in identity theft case processing to handle the influx of tax-related identity theft cases.

Wage and Investment - Accounts Management - Identity Protection Strategy and Oversight (IPSO)

  1. In FY 2015, the IRS opted to consolidate Identity Theft (IDT) Operations to improve accountability, efficiency, and timeliness. This organizational structure will provide unified leadership and improve program oversight.

  2. Identity theft creates a heavy financial and emotional toll on its victims and severely burdens our economy. The IRS is focused on prevention and assistance activities including a comprehensive approach to protecting taxpayer information. The IRS will enhance efforts through three primary goals:

    • Victim Assistance

    • Outreach

    • Prevention

  3. Wage and Investment (W&I) Identity Protection Strategy and Oversight (IPSO) supports servicewide efforts to recognize and resolve identity theft issues while striving to provide a uniform and consistent approach to victim assistance. IPSO maintains enterprise governance over identity protections and victim assistance.

  4. Identity Protection (IP) Headquarters is a headquarters operation that reports through the IPSO manager to Accounts Management leadership. The organization supports service wide Identity protection and victim assistance through:

    • The development of short-term and long-term remedies to protect taxpayer information and make the experience of those who are already victims faster and more efficient.

    • The development of servicewide policy, procedures, and guidelines for the priority of recognizing, marking and acknowledging individual taxpayer claims involving identity theft.

    • Support of IPSO activities within the scope of programs associated with identity protection.

  5. Identity Theft Victim Assistance (ITVA) Headquarters is a headquarters operation that reports through the IPSO manager to Accounts Management leadership. The organization supports the IDTVA organization through:

    • The development of ITVA policy, procedures, and guidelines for resolving individual taxpayer accounts involving identity theft or return preparer misconduct.

    • Support IPSO activities within the scope of programs associated with victim assistance.

    • Evaluation of legislative changes in current policy decisions, process improvement suggestions, technical advice, and other sources to write or revise IRM procedures.

    • Completion of reviews of IDTVA (IDT & RPM), and the IDT and TPP Toll-free operations to ensure victims or customers of those functions receive timely and accurate actions, identify trends, receive input on above stated guidance, make recommendations and resolving issues at the earliest possible point.

  6. Identity Theft Victim Assistance (IDTVA) is an organization that combines the skills of Accounts Management and Compliance within one organizational framework to resolve post-processing identity theft cases while focusing on the customer's experience. There are three major functional components of IDTVA:

    • IDTVA-Identity Protection Specialized Unit (I)- IDTVA-Identity Protection Specialized Unit (I)- plays an integral role in daily operations. IDTVA-I responsibilities include: Processing non-tax-related identity theft Form 14039, Identity Theft Affidavit, processing identity theft assistance requests (ITAR), performing global account reviews and processing requests for copies of fraudulent returns.

    • IDTVA-Accounts (A)- generally resolves tax-related identity theft cases discovered or reported in normal Accounts Management casework, such as duplicate filing conditions.

    • Specialty Resolution (formerly IDTVA-Compliance (C)) - generally resolves tax-related identity theft cases discovered or reported in normal Campus Compliance casework, such as replies to Exam, AUR, and ACS notices.

  7. The following Functions, which are responsible for publishing guidance to address/resolve incidents of IDT discovered in their processing, are not within the current framework of IDTVA:

    • Return Integrity and Compliance Services (RICS) - Taxpayer Protection Program (TPP) and Integrity Verification Operations (IVO)

    • Submission Processing (SP)

    • Field Exam

    • Field Collection

    • Large Business and International (LBI)

    • Appeals

    • Field Assistance

    • Criminal Investigation (CI)

    • Combined Annual Wage Reporting (CAWR)

Identity Protection (IP) Program Responsibilities

  1. IPSO maintains enterprise-wide identity protection program oversight. This includes internal outreach to all Business Operating Divisions to ensure the established policies are implemented and supported servicewide.

  2. IPSO has the following specific responsibilities related to administering the Identity Protection Program in IRS:

    1. Building programs to reduce incidents of identity theft such as the Identity Protection Personal Identification Number (IP PIN) and the identity theft unpostable process

    2. Defining, communicating, and assigning responsibility for the IRS' substantiated identity theft incident tracking program

    3. Raising taxpayer awareness of identity theft techniques through outreach

    4. Reducing taxpayer burden and improving service options while addressing and resolving identity theft cases

    5. Protecting Treasury revenue by identifying suspicious filings before the refunds are generated

    6. Increasing operational efficiency of the IRS by detecting and processing reported identity theft incidents as early and consistently as possible

    7. Identifying emerging trends and developing appropriate strategies and responses

    8. Developing, defining, monitoring, and executing identity theft policies and procedures

    9. Participating in risk assessments on IRS business processes, where appropriate

    10. Communicating and coordinating with both internal and external stakeholders (such as the Federal Trade Commission) to ensure consistency regarding identity theft issues

    11. Determining identity theft performance measures to assess the effectiveness of the program and identity theft initiatives throughout the IRS, and making recommendations for improvement as appropriate

    12. Overseeing the maintenance, publication, and conveyance of the servicewide identity theft guidance via the Identity Protection and Victim Assistance Internal Revenue Manual (IRM), ensuring that the information contained remains current

    13. Conducting identity theft program reviews, which include, but are not limited to: IRM reviews to verify procedural consistency; and closed case reviews to ensure adherence to servicewide policies and procedures

    14. Evaluating new technologies and assessing benefits for use in identity theft initiatives.

Identity Theft Victim Assistance (ITVA)- Program Responsibilities

  1. The mission of Identity Theft Victim Assistance (ITVA) is to develop policy, procedures, and guidelines for resolving individual taxpayer accounts upon contact from a victim of identity theft (IDT) or Return Preparer Misconduct (RPM). ITVA issues guidance for:

    • Researching accounts based on a return or claim from an apparent victim

    • Correcting accounts when IDT or RPM is substantiated, and

    • Communicating with victims

  2. To accomplish the mission, ITVA:

    • Supports all activities identified by Identity Protection Strategy and Oversight (IPSO) with specific purview of programs associated with victim assistance.

    • Evaluates legislative changes, current policy decisions, process improvement suggestions, technical advice, and other sources to write or revise IRM procedures.

  3. IDTVA employees are located at various campus locations. Refer to IRM 25.23.4, IDTVA Paper Process, for IDTVA campus locations and groups.

Identity Theft and the IRS

  1. Identity theft occurs when someone uses an individual’s personal information, such as name, Social Security Number (SSN), or other identifying information without permission, to commit fraud or other crimes.

  2. For the purpose of victim assistance, there are two types of Identity Theft:

    • Identity Theft in Tax Administration, or Tax-Related Identity Theft; Identity theft with a direct effect on the taxpayer’s filing and payment requirements, such as their ability to file a tax return, receive a refund or take other actions associated with these responsibilities. Tax-related identity theft is most often associated with the theft of a taxpayer’s Social Security number (see IRM 25.23.1.4.1, Identity Theft in Tax Administration, below).

    • Non-Tax-Related Identity Theft: The taxpayer experiences an incident, such as becoming a victim of a data breach from their medical office or a lost wallet or stolen purse - which may place them at risk of identity theft related to their credit or finances - but there is no direct effect on tax administration at that time.

  3. Taxpayers may notify the IRS when they believe they have experienced an identity theft incident. In these instances, taxpayers must make a claim, and in some cases, provide additional information to establish that they are identity theft victims.

  4. Identity theft often leaves its victims feeling helpless and distraught. Service employees should exercise empathy in dealing with victims. Refer to IRM 25.23.2.2 .1Taxpayer Interaction, for additional information. Additionally, the Taxpayer Bill of Rights, grants all taxpayers important rights. Refer to Pub 1, Your Rights as a Taxpayer, for additional information.

  5. Identity theft cases will be prioritized and worked expeditiously.

Identity Theft in Tax Administration

  1. Tax-Related Identity theft can affect tax administration in three primary ways:

    • Employment or Income Related - This occurs when the identity thief uses the victim’s SSN to obtain employment, resulting in what may appear as unreported income under the victim's account.

    • Refund Related - This occurs when the identity thief uses the victim’s SSN to file a false federal income tax return to obtain a refund. If the thief files before the victim, the victim may not receive his or her refund within a reasonable time frame.

    • Business Related Business Master File (BMF) identity theft is defined as creating, using or attempting to use a business’s identifying information, without authority, to obtain tax benefits.

IRS Employees Who May be Victims of Tax-Related Identity Theft

  1. IRS employees who believe they may be victims of tax related identity theft should take the following actions:

    • File Form 14039, Identity Theft Affidavit

      Note:

      Be sure to write legibly and follow the instructions on the form.

    • Contact your local Treasury Inspector General for Tax Administration (TIGTA) office immediately, in person or by phone at 800-366-4484

    • Call the number on the notice as soon as possible, if you receive an IRS notice that makes you think you have become a victim of tax-related identity theft.

    • Contact TIGTA immediately, if you believe someone is using your information to impersonate an IRS employee, or if you suspect an IRS employee may be involved in your identity theft.

    • Visit Identity-Protection and IRM 25.23.2.2.1, Taxpayer Interaction, for additional information and resources

IRS Employees Who May be Victims of Non-Tax-Related Identity Theft

  1. IRS employees who believe they may be victims of non-tax related identity theft should take the following actions:

    • You will need to file Form 14039, Identity Theft Affidavit.

      Note:

      Be sure to write legibly and follow the instructions on the form.

    • If you think you might be at risk of identity theft due to a lost or stolen purse or wallet, questionable credit card activity or credit report, you should contact the IRS toll-free at 800-908-4490, Mon. – Fri., 7 a.m. -7 p.m. taxpayer’s local time (Pacific Time for Alaska and Hawaii) to take steps to protect your account.

    Note:

    For additional information on non-tax related identity theft, refer to Identity-Protection

    .

Identity Protection and Victim Assistance Initiatives

  1. The IRS established and expanded initiatives to address identity theft in tax administration which includes:

    • Identity Theft Training

Awareness Training and Education

  1. IPSO maintains the annual employee awareness training.

  2. Presently IPSO maintains two ELMS courses:

    • Identity Theft Awareness Briefing (ELMS Course Number 43113) – is designed for new IRS employees, or those newly appointed to positions, that have direct contact with taxpayers - especially those who are or may become victims of identity theft. This course may also be used by anyone who wants to learn more about identity theft. It is intended to give guidance regarding such topics as IRS initiatives to combat identity theft, empathy for the taxpayer seeking assistance, the IP PIN program, identity theft indicators and includes internal and external resources.

    • Identity Protection Overview (ELMS Course Number 56188) – is designed for seasoned employees. This is a streamlined briefing for employees who have taken the full Identity Theft Awareness Briefing (#43113). It shares high-level information and contains updates to identity theft programs and initiatives. This training is for more experienced employees who no longer require the in-depth training offered by the Identity Theft Awareness Briefing.


    Employees are required to certify the required courses are completed.

  3. Accounts Management (AM) Headquarters Functional Training coordinators provide annual CPE for IDTVA employees.

Data Breach - Business Entities Whose Employees or Clients PII was Breached

  1. Businesses, hospitals, doctor’s offices, etc., may contact IRS when their employee or client PII has been breached. State or Local Law Enforcement, or any other third party such as tax practitioners, accountants, etc., attempting to assist an entity that was breached may also contact IRS. If you are contacted by one of these entities, and they are seeking guidance for their employees/clients, the following actions/precautions should be recommended to the breached entity/third party so they may alert the affected individuals/clients/employees whose data was breached to take the following precautions:

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline at 877-438-4338, establish an account with Social Security Administration (SSA) to review earnings records; and contact one of the three major credit bureaus: Equifax at 800-525-6285, Experian at 888-397-3742, or TransUnion at 800-680-7289; and

    • Not every data breach results in identity theft, and not every identity theft is tax-related identity theft. If the individual/client whose PII was breached received IRS correspondence or their e-file tax return was rejected as a duplicate (and the taxpayer did not file that return), the individual/client may take these additional steps with the IRS:

    • Submit an IRS Form 14039, Identity Theft Affidavit, as appropriate

    • Continue to file their tax return, even if they must do so by paper, and attach the Form 14039

    • Watch for any follow-up correspondence from the IRS and respond quickly

    Note:

    The affected individuals will need to file Form 14039 to have their account protected as the IRS does not accept Form 14039 from unauthorized third parties.

  2. If you are contacted by a tax preparer reporting a theft in their office that could lead to a data breach, instruct them to report client data theft to their local stakeholder liaison. Refer to https://www.irs.gov/businesses/small-businesses-self-employed/stakeholder-liaison-local-contacts-1 for contact information. Liaisons will notify IRS Criminal Investigation and others within the agency on their behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in their clients’ names.

  3. If you are contacted by a business or payroll service provider reporting a data loss relating to W2 information, instruct them to visit https://www.irs.gov/individuals/form-w2-ssn-data-theft-information-for-businesses-and-payroll-service-providers

  4. For additional information on identity theft guidance, refer to IRM 25.23.12, IMF Identity Theft Toll-Free Guidance.

Taxpayers who are Victims of a Data Breach

  1. Taxpayers may contact IRS when a business, employer, or financial institution alerts them that their PII was breached. Take the following actions dependent upon the facts and circumstances of the taxpayer’s accounts (tax-related or non-tax related):

    Caution:

    Not all data breaches lead to identity theft and not all identity theft is tax-related identity theft.

  2. No Tax-Related Issues: CSRs will provide the following information to taxpayers who identify themselves as data breach victims and who have no tax-related issues:

    • Stay informed about the steps being taken by the breached entity;

    • Follow the Federal Trade Commission recommended steps, including:

    • Notify one of the three major credit bureaus to place a fraud alert on your credit file

    • Close any accounts opened without your permission

    • Visit www.identitytheft.gov for additional guidance

    Note:

    For victims needing to complete Form 14039, in addition to the fillable IRS Form 14039 on IRS.gov, the FTC has a fillable Form 14039 on www.identitytheft.gov. This is authorized by the IRS and its placement on the FTC site is intended to consolidate and relieve the overall self-reporting and recovery burden of victims who are reporting their situation to the FTC and who intend to also complete an IRS Form 14039.

  3. Tax-Related Issues: Advise the taxpayer to file Form 14039, Identity Theft Affidavit if:

    • The IRS has informed the taxpayer they were victims of an identity theft tax fraud.

    • The taxpayer’s e-file return was rejected as a duplicate.

    Note:

    For victims needing to complete Form 14039, in addition to the fillable IRS Form 14039 on IRS.gov, the FTC has a fillable Form 14039 on www.identitytheft.gov This is authorized by the IRS and its placement on the FTC site is intended to consolidate and relieve the overall self-reporting and recovery burden of victims who are reporting their situation to the FTC and who intend to also complete an IRS Form 14039.


    For additional information refer to 25.23.2.3Identity Theft Claims – General Guidelines.

  4. For information on specific incidents, see IRM 25.23.2 Identity Protection and Victim Assistance - General Case Processing

Glossary of Identity Protection Terms and Definitions

Access - The ability or opportunity to gain knowledge of personally identifiable information.
Breach - The loss of control, disclosure, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for other than the authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.
Employment Related Identity Theft - occurs when someone, other than the valid SSN owner, uses the SSN to obtain or retain employment. Employment Related Identity Theft is considered “non-tax” related because it does not involve the filing of a fraudulent return. However, income generated by a person other than the valid SSN owner may result in the assessment of additional tax if not addressed prior to the assessment.
Federal Trade Commission (FTC) - An independent agency of the United States government, established in 1914 by the Federal Trade Commission Act, with the principal mission of promoting "consumer protection" and the elimination and prevention of what regulators perceive to be "anti-competitive" business practices.
Harm - Includes any of the following effects of a breach of confidentiality, integrity, availability, or fiduciary responsibility:
  • Potential for blackmail;

  • Disclosure of private facts;

  • Mental pain and emotional distress;

  • Potential for secondary uses of the information that could result in fear or uncertainty, or the unwarranted exposure leading to humiliation or loss of self-esteem;

  • Identity theft; or

  • Financial loss

Identity Theft - A fraud that is committed or attempted, using a person's identifying information without authority.
  • Tax Related Identity Theft - Identity Theft that impacts individual or business Federal tax accounts.

  • Non-tax Related Identity Theft - Identity theft that does not impact individual or business Federal tax accounts, such as; lost wallet/purse, breach of personal data, questionable credit activity.

Identity Theft Claim -refers to any combination of:
  • Form 14039, or

  • Police report, or

  • For other than Compliance functions, a written statement from the taxpayer indicating they are or maybe victim of identity theft.

Note:

Cases that are referred to IDTVA from a Compliance function must include a Form 14039 or police report to be considered an Identity Theft claim.

Identity Theft Liaison - A listing of individuals in the business units that are the contacts for the W&I AM IPSU, when IDTVA-I (IPSU) sends Form 14027-B, Identity Theft Case Referral, for monitoring account activity on cases with open controls. A current listing of "ID Theft Liaisons (Functional)" can be found on SERP under the Who/Where Tab.
Identity Theft Assistance Request (ITAR) Liaison - A listing of individuals in the business units that are the contacts for the W&I AM IPSU. IPSU sends Form 14103, Identity Theft Assistance Request for account resolution and monitors the business units account activity on cases with open controls. A current listing of "ID Theft Liaisons (Functional)" can be found on SERP under the Who/Where tab.
Incident - For the purpose of this IRM, the term “incident” refers to an occurrence or event involving identity theft as it applies to a specific tax year(s) as reported by the taxpayer.
Incident Management - The process of managing incidents involving the loss or disclosure of data.
Information Technology - Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by an executive agency.
Loss - Any event where an item is misplaced and/or neither the official owner nor the intended recipient has possession of the item in the expected time frame. A loss may involve an IRS-owned physical asset such as a laptop, blackberry, cell phone, and/or other portable media, or electronic or hard copy data that may contain Sensitive But Unclassified (SBU) data or Personally Identifiable Information (PII) such as paper or electronic taxpayer records, personnel records, or other identifying data, or a combination of a physical asset and electronic and/or hard copy data.
Office of Management and Budget (OMB) - A cabinet-level office that oversees the activities of federal agencies and monitors the adherence of their assigned federal programs to presidential policies.
Personally Identifiable Information (PII) - The term “personally identifiable information” refers to information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. Please see OMB 07-16. For further information about PII, see the Personally Identifiable Information page in the Disclosure and Privacy Knowledge Base.
Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.
Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security and privacy controls that would mitigate this impact.
Safeguards - Protective measures prescribed to meet the privacy requirements specified for an information system.
Unpostable - A transaction which cannot be posted to a taxpayer's account because the transaction failed certain Master File validation checks.

References

The Identity Protection Strategy & Oversight was established to ensure Servicewide implementation of federal directives to protect citizens and government employees. The following are the principal documents involving the Identity Protection Program:


OMB Memoranda

OMB Memoranda are available at Office of Management and Budget at http://www.whitehouse.gov/omb/memoranda.

Other Federal Guidance

  1. Combating Identity Theft: A Strategic Plan, The President’s Identity Theft Task Force Report, April 2007

  2. Combating Identity Theft, Volume II: Supplemental Information, The President’s Identity Theft Task Force Report, April 2007

  3. President’s Identity Theft Task Force Report Summary of Interim Recommendations, September 2006


The President’s Identity Theft Task Force documents are available at http://www.idtheft.gov/

Identity Protection Victim Assistance Internal Revenue Manuals

  • IRM 25.23.2, Identity Protection and Victim Assistance - General Case Processing

  • IRM 25.23.3, IMF Identity Protection Specialized Unit (IPSU) Paper Overview and Guidance

  • IRM 25.23.4, IDTVA Paper Process

  • IRM 25.23.9, BMF Identity Theft Processing

  • IRM 25.23.10, Compliance Identity Theft Case Processing

    Note:

    Information previously found in IRM 25.23.5, ACSS IDT Processing, IRM 25.23.6, CSCO/ASFR IDT Processing, IRM 25.23.7, AUR Identity Theft Processing and IRM 25.23.8, Campus Exam Identity Theft Case Processing, has been consolidated into IRM 25.23.10, Compliance Identity Theft Case Processing

  • IRM 25.23.11, Business Master File (BMF) Identity Theft Procedures for Accounts Management

  • IRM 25.23.12, IMF Identity Theft Toll-Free Guidance

  • IRM 25.24.1, Return Preparer Misconduct Victim Assistance - General Overview

  • IRM 25.24.2, Return Preparer Misconduct Victim Assistance Specialized Accounts Management Processing