The Need to Safeguard Taxpayer Data
Today’s identity thieves are a formidable enemy. They are an adaptive adversary, constantly learning and changing their tactics to circumvent the safeguards and filters put in place to stop them from committing their crimes. Some of the individuals committing identity theft refund fraud are members of high-tech global rings engaged in full-scale organized criminal enterprises for stealing identities and profiting from that information. As the criminals' efforts increase in sophistication, so do the number and scope of data breaches, which serves to further expand the network and warehousing of stolen and compromised identity information, and in turn increases the potential for that stolen identity information to ultimately reverberate through the tax system.
In 2015, the IRS called together major players in the tax industry - tax return preparers, software providers, state tax agencies, payroll providers and financial institutions - for a Security Summit to increase the cooperation in place to fight a common enemy - the identity thieves. Tax preparers are critical players in this partnership, and, because of the taxpayer information they store, increasingly a target for data theft.
Safeguarding taxpayer data is a top priority for the IRS. It is the legal responsibility of government, businesses, organizations and individuals that receive, maintain, share, transmit or store taxpayers’ personal information. Taxpayer data is defined as any information that is obtained or used in the preparation of a tax return (e.g., income statements, notes taken in a meeting or recorded conversations). Putting safeguards in place to protect taxpayer information helps prevent fraud and identity theft and enhances customer confidence and trust.
This guide will help non-governmental businesses, organizations and individuals that handle taxpayer data to understand and meet their responsibility to safeguard this information. IRS e-file and paper return preparers, Intermediate Service Providers, Software Developers, Electronic Return Originators, Reporting Agents, Transmitters, their affiliates and service providers can use this guide to determine their data privacy and security needs and implement safeguards to meet them.
These safeguards will help you:
- Preserve the confidentiality and privacy of taxpayer data by restricting access and disclosure;
- Protect the integrity of taxpayer data by preventing improper or unauthorized modification or destruction; and
- Maintain the availability of taxpayer data by providing timely and reliable access and data recovery.
For a brief description of related laws and regulations, refer to the table in "Safeguarding Taxpayer Data, References to Applicable Laws and Regulations.” For references to standards and best practices, refer to the table in "Safeguarding Taxpayer Data, References to Applicable Standards and Best Practices.”
It is critical that we work in partnership to combat identity theft. Major software providers are required to report data thefts to the IRS. We urge individual tax preparers to notify their local IRS Stakeholder Liaison of any data theft to lessen the impact on clients and the tax system.