11.3.24 Disclosures to Contractors

Manual Transmittal

August 31, 2023

Purpose

(1) This transmits revised 11.3.24, Disclosure of Official Information, Disclosures to Contractors.

Material Changes

(1) IRM 11.3.24.1(3) and (4), Updated Program Scope and Objectives, to align the Program and Policy owner sections to be in line with all other Disclosure IRMs.

(2) IRM 11.3.24.1(5), Updated Program Scope and Objectives to align with the Primary Stakeholders section to conform with the internal controls requirement.

(3) IRM 11.3.24.1.1, renamed from Authority to Background to conform with internal controls requirement.

(4) IRM 11.3.24.1.2, added “Authority” to conform with internal controls requirement.

(5) IRM 11.3.24.1.4, Program Controls, were added in order to incorporate relevant internal controls. These items identify information about the program and procedures covered within this section.

(6) Reviewed and updated the IRM where necessary for the following types of editorial changes: legal citations, published forms and documents and web addresses.

Effect on Other Documents

This material supersedes IRM 11.3.24, Disclosure of Official Information, Disclosures to Contractors, dated March 17, 2020.

Audience

All Operating Divisions and Functions.

Effective Date

(08-31-2023)

Related Resources

The Disclosure and Privacy Knowledge Base.


Michael Oser
Acting Director, Governmental Liaison, Disclosure and Safeguards

Program Scope and Objectives

  1. Purpose: This IRM section provides instructions for assuring that IRS contracts involving the inspection or disclosure of Federal tax returns and return information under Internal Revenue Code (IRC) 6103(n), information covered by the Privacy Act of 1974 (Privacy Act), or documents classified as Sensitive But Unclassified (SBU) comply with all applicable laws, regulations and procedures.

  2. Audience: These procedures apply to all IRS employees in connection with official duties related to disclosures to contractors.

  3. Policy Owner: The Director of Governmental Liaison, Disclosure and Safeguards (GLDS) is responsible for oversight of Disclosure policy.

  4. Program Owner: The Disclosure office, under GLDS, is responsible for the Disclosure program and guidance. Each IRS organization is responsible for ensuring its employees are aware of and follow Servicewide Disclosure policy.

  5. Primary Stakeholders: All IRS business units and functions, that make disclosures of returns and return information to contractors.

  6. Initial contacts with contractors to engage their services and disclosures of tax information necessary in these circumstances are made pursuant to IRC 6103(k)(6) and are discussed in IRM 11.3.21, Investigative Disclosure.

  7. Business offices should structure procurement actions under the authority of IRC 6103(n) rather than under IRC 6103(k)(6). Persons receiving return information under IRC 6103(k)(6) are not subject to the civil and/or criminal penalties for unauthorized accesses or disclosures of return information. Further, IRC 6103(k)(6) does not apply safeguarding and penalty provisions.

Background

  1. IRC 6103(n) permits the Secretary of the Treasury, pursuant to regulations, to disclose returns and return information to any person, including persons described in IRC 7513(a), to the extent necessary in connection with procurement actions for tax administration purposes as defined in IRC 6103(b)(4), such as:

    • Equipment or other property or

    • Services relating to the processing, storage, transmission, and reproduction of returns and return information or

    • Support services relating to federal tax administration or

    • Services relating to the programming, maintenance, repair, testing of equipment or other property or

    • The providing of other services such as tow trucks, locksmiths, appraisers, court reporters and others

    Caution:

    For tax returns and return information, IRC 6103 preempts the Privacy Act. Disclosure of tax returns and return information is controlled by IRC 6103. Returns and return information may not be disclosed to a contractor unless the requirements of IRC 6103 are met (regardless of whether the Privacy Act authorizes disclosure). IRC 6103 requires special clauses to meet disclosure requirements of 6103(n).

    Caution:

    General nondisclosure clauses that may be used by procurement do not meet the special requirements of 6103(n) that are needed to authorize disclosure to a contractor. Refer to 11.3.24.2 for the special requirements that are needed in writing for contracts involving 6103 information.

  2. Title 26 Code of Federal Regulations (CFR) 301.6103(n)-1 provides that the IRS and the Office of Chief Counsel may disclose returns and return information to contractors pursuant to IRC 6103(n). The regulation also places certain limitations on the disclosures; these are defined in 26 CFR 301.6103(n)-1(b).

  3. For disclosure of non-tax Privacy Act records to a contractor, the Privacy Act (5 U.S.C. 552a) requires that either written permission of the person whose identifier the Privacy Act record is retrieved by or that one of the 12 statutory exceptions in section (b) of the Privacy Act must be met. One of the statutory exceptions is when a “routine use” that authorizes disclosure to a contractor is published in a Privacy Act system of records notice.

    1. If a Privacy Act system of records contains 6103 federal tax information (FTI), the system must state that returns and return information may only be disclosed as authorized by 6103. Paragraph (1) in this subsection explains what conditions must be met to authorize disclosure of 6103 information to a contractor.

    2. For non-tax Privacy Act records, the routine use must authorize disclosure to contractors and what conditions are required to authorize disclosure. Disclosures to contractors generally require Privacy Act Accounting that is explained in IRM 10.5.6 , Privacy Act.

    Caution:

    A contractor and its employees are not considered employees of the Department of the Treasury for purposes of 5 USC 552a. Therefore, Privacy Act protected records cannot be disclosed to contractors pursuant to 5 USC 552a(b)(1). Disclosures of such records to contractors may be made only if one of the statutory disclosure provisions applies. The most commonly applicable disclosure provisions are 1) a published “routine use” in the appropriate system of records notice, and 2) written consent to the disclosure from the individual whose records are at issue.

    Caution:

    A contractor and its employees are subject to the Privacy Act’s criminal penalties pursuant to 5 USC 552a(m)(1) if the contract is to operate a system of records for the agency. The IRS routinely includes disclosure prohibitions in contracts that authorize contractor access to Privacy Act protected records.

  4. IRS System of Records Notices are published on Treasury’s website at: https://home.treasury.gov/footer/privacy-act/system-of-records-notices-sorns.

  5. IRC 7513 authorizes the scanning and reproduction of any return, document, or other matter. Title 26 CFR 301.7513-1 details the safeguards in place to protect the scans and reproduced documents from unauthorized use and disclosure.

Authority

  1. The following items govern the authority to disclose return and return information to any person, including persons described in IRC 7513(a), to the extent necessary in connection with procurement actions for tax administration purposes as defined in IRC 6103(b)(4):

    • IRC 6103(n)

    • 26 CFR 301.6103(n)-1

    • Delegation Order 11-2 (Rev. 4), found in IRM 1.2.2.12.2, Authority to Permit Disclosure of Tax Information and to Permit Testimony or the Production of Documents

Roles and Responsibilities

  1. Disclosure, GLDS will support the Office of Procurement and other IRS functions by advising on disclosure law and policy.

  2. Privacy Policy and Compliance, PGLD, has a responsibility to review procurement solicitations involving Privacy Act records, approval of contracts per OMB A-108, as well as training clauses in contracts. Refer to IRM 10.5.6.2.4.1, Privacy Act Contract Requirements, for further information.

  3. Personnel Security, Human Capital Office has the responsibility for conducting investigative processing for contractors and their employees commensurate with the position risk level designation associated with the work to be performed. See IRM 10.23.2, Contractor Investigations.

  4. Cybersecurity, Information Technology (IT) administers policy for conducting mandatory security briefings for contractors. See IRM 10.8.2.2.1.18, IT Security Roles and Responsibilities, Contractor. Also see Internal Revenue Service Acquisition Policy (IRSAP) 1024.9001, Determination of Pre-Award Survey, which references IR1052.224-9001, Mandatory IRS Information Protection and Security Awareness Training Requirements (DEC 2018). In addition there is IRSAP PGI, 1024.9001, Determination of pre-award survey and Pub 4812, Contractor Security & Privacy Controls.

  5. Privacy Policy and Compliance, PGLD administers policy for mandatory privacy briefings for contractors. See the Personnel Engaged in Procurement Activities and Contractors sections of IRM 10.5.1, Privacy Policy.

  6. Chief, Procurement is responsible for awarding contracts involving the release of SBU information and complying with all applicable laws, regulations and procedures.

    Note:

    The Business Unit has the responsibility to assign a Contracting Officer’s Representative (COR) to each contract for oversight of the contract and contractor personnel, to ensure the proper handling and release of SBU data.

Program Controls

  1. Business Units are responsible for establishing and documenting the program controls developed to oversee their program as well as ensuring employee compliance with all applicable elements of this IRM.

Terms/Definitions/Acronyms

  1. The tables below list commonly used terms, definitions and acronyms used throughout this IRM section:

    Terms and Definitions

    Term Definition
    Contracting Officer’s Representative An individual designated and authorized in writing by the contracting officer to perform specific technical or administrative functions related to contracts.
    Department of the Treasury Acquisition Procedures Procedures issues to implement and supplement the Federal Acquisition Regulation (FAR) and the Department of the Treasury Acquisition Regulation (DTAR), providing internal IRS guidance.
    Federal Acquisition Regulation The codification and publication of uniform policies and procedures for acquisition by all executive agencies.
    Internal Revenue Service Acquisition Policy Policy issued to implement and supplement the Federal Acquisition Regulation (FAR) and the Department of the Treasury Acquisition Regulation (DTAR), providing internal IRS guidance.
    Procurement Actions Solicitations, contract awards, purchase orders, task orders, delivery orders, modifications, interagency agreements, blanket purchase agreements (BPAs), and simplified acquisitions.
    Routine Use The disclosure of a record for a purpose which is compatible with the purpose for which it was collected as described in the applicable Privacy Act System of Records.
    Sensitive But Unclassified Information Any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under the Privacy Act (5 U.S.C. 552a) but which has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept secret in the interest of national defense or foreign policy.
    Statement of Work A generic term used to provide a description of the work to be performed by the contractor, including purchase descriptions, specifications, commercial item descriptions, or formal or voluntary standards. The SOW describes the agency’s requirements.
    System of Records A group of any records under the control of the Department (IRS) from which information is retrieved by the name of an individual, or by some other identifying number, symbol or particular assigned to an individual.
     

    Acronyms

    Acronym Definition
    CFR Code of Federal Regulations
    COR Contracting Officer’s Representative
    DTAP Department of Treasury Acquisition Procedures
    DTAR Department of Treasury Acquisition Regulation
    FAR Federal Acquisition Regulation
    FTI Federal Tax Information
    GLDS Governmental Liaison, Disclosure and Safeguards
    GRS General Records Schedules
    IPS Integrated Procurement System
    IRC Internal Revenue Code
    IRSAP Internal Revenue Service Acquisition Policy
    IT Information Technology
    NARA National Archive and Records Administration
    NDA Non-Disclosure Agreement
    PGI Procedures, Guidance and Information
    PGLD Privacy, Governmental Liaison and Disclosure
    RCS Records Control Schedules
    SBU Sensitive But Unclassified
    SORN System of Records Notice
    SOW Statement of Work
    USC United States Code

Related Resources

  1. Additional sources of guidance on disclosures of official information and disclosures to contractors may also be found at these related resources:

    • IRM 11.3 series, Disclosure of Official Information

    • Disclosure and Privacy Knowledge Base

    • IRM 10.5.6.2, Privacy Act General Provisions (formerly IRM 11.3.14)

    • IRM 11.3.21, Investigative Disclosure

Requirements

  1. In accordance with 26 CFR 301.6103(n)-1(d), contractors, agents, and subcontractors receiving tax information from the IRS are required to inform their employees, in writing, of the criminal and civil penalty provisions for violations of IRC 7213, IRC 7213A, and IRC 7431.

  2. 26 CFR 301.6103(n)-1(e) requires that safeguard provisions be included in procurement actions involving the disclosure of returns and return information under IRC 6103(n):

    1. Subcontractors and agents of the contractor are held to the same provisions, restrictions and penalties as the primary contractor.

    2. Safeguards for the subcontractors and agents are to be included in their contracts verbatim as contained in the primary contract for work.

  3. 26 CFR 301.7513-1 establishes safeguard requirements for contractors who process and reproduce films or photo impressions.

  4. The FAR, subpart 1.602-1(b), provides that no contract shall be entered into unless the contracting officer ensures that all requirements of law, executive orders, regulations, and all other applicable procedures, including clearances and approvals, have been met.

  5. FAR part 24.102(b) implements the provisions of the Privacy Act. Contractors and their employees who contract for the design, development, operation, or maintenance of a system of records on individuals, on behalf of the IRS to accomplish an IRS function, are considered employees of the agency and are subject to the civil and criminal penalty provisions for violations of the Privacy Act.

    1. Pursuant to FAR, subpart 24.103(b)(1), the contracting officer will ensure that the contract work statement specifically identifies the system of records on individuals and the design, development, or operation work to be performed.

  6. Internal Revenue Service Acquisition Policy (IRSAP) Part 1004, Administrative Matters and IRSAP Part 1024, Protection of Privacy and Freedom of Information, provide instructions with respect to procedures to be followed where contractual procurement will be subject to the Privacy Act, the provisions of IRC 6103(n) or where access by a contractor to Sensitive But Unclassified material is contemplated.

  7. For more on Privacy Act contract requirements, see IRM 10.5.6.2.4.1(3)-(5), Privacy Act Contract Requirements.

Disclosure of Returns and Return Information to Vendors and Expert Services

  1. To enable vendors to fully evaluate the parameters of the work involved when invited to submit a quote, proposal, or bid for a specific requirement, it may become necessary to provide them access to Federal tax returns, return information, or other SBU data at the solicitation phase of an acquisition. In such cases, the written solicitation must conform to the requirements of the IRSAP and incorporate the appropriate safeguarding provisions and Privacy Act clauses.

  2. IRS CORs will ensure full recovery of all SBU data immediately upon completion of its necessitated use during the solicitation stage. Care should be exercised to place a limited time-frame on the length of time it takes for the bidder(s) to use the SBU data.

  3. Under 26 CFR 301.7602-1(b)(3), service contractors to the IRS or the Office of Chief Counsel may receive books, papers, records, or other data summoned by the IRS.

    Note:

    The Taxpayer First Act signed into law on July 1, 2019, amends section 7602, adding subsection (f) Limitation on Access of Persons other than Internal Revenue Service Officers and Employees. The IRS will not provide any books, papers, records, or other data obtained under this section to any person authorized under section 6103(n), except when such person requires such information for the sole purpose of providing expert evaluation and assistance to the IRS. The legislative history of section 7602(f) indicates the new provision is not intended to restrain the IRS from continuing to use court reporters, translators or interpreters, photocopy services, and other similar ancillary contractors. No person other than an officer or employee of the IRS or the Office of Chief Counsel may ask substantive questions of a summoned witness under oath. Court reporters and translators or interpreters may continue to perform their usual roles in summons interviews.

Disclosure of Returns and Return Information to Students/Trainees

  1. The IRS occasionally hires trainees through participation in certain work programs. Some of the students/trainees are of the "direct-hire" while others are of the "hosting" type.

  2. "Direct-hire" trainees are employed and paid by the IRS and their right of access to returns or return information, when required as part of their duties, is the same as for other IRS employees. See IRC 6103(h)(1).

  3. "Hosting" trainees are hired and paid by non-Treasury Department organizations and assigned by these organizations to the IRS for training. They may not be given access to tax returns or return information or information governed by the Privacy Act.

    Note:

    If these trainees qualify as "students" under IRM 11.3.24.3.1(4), those rules will govern.

  4. Uncompensated student volunteers have been deemed by statute (5 U.S.C. 3111) to be Treasury and/or IRS employees for purposes of both the Privacy Act and IRC 6103. As such, disclosures are permissible. However, the student must meet the following criteria.

    • Qualify as a Student - A student is defined as "an individual who is enrolled, not less than half-time, in a high school, trade school, technical or vocational institute, junior college, college, university, or comparable recognized educational institution." Individuals from high schools or above who participate in a formal program with the IRS as part of their curriculum are considered student volunteers. To qualify, they must obtain the permission of the institution where they are enrolled as part of a program to provide educational experiences for students. They must be "uncompensated" and may not be used to displace any employee. Counsel has clarified the definition of uncompensated. Student volunteers compensated by other than Federal funds are considered uncompensated for 5 U.S.C. 3111 purposes.

      Note:

      Volunteers from other organizations or welfare to work programs do not qualify for access to IRC 6103 or Privacy Act data.

Disclosure of Returns and Return Information to Assistors of Disabled Employees

  1. The IRS hires a considerable number of disabled employees. To effectively use the skills of these individuals it is often necessary that they be assisted by non-IRS personnel. Several Federal, state and local agencies provide assistors at no cost to the IRS.

  2. Under 5 U.S.C. 3102(b), these assistors can be "hired" by IRS and are permitted to have access to returns or return information, under IRC 6103(h)(1), subject to its requirements, even if they are uncompensated by IRS.

Disclosure of Return Information to Title Search Companies

  1. The IRS procures the vast majority of title searches by use of contracts or purchase orders pursuant to IRC 6103(n).

  2. When low volume, rare, exigent circumstances exist, purchase cards may be used, rather than contracts or purchase orders, to procure title searches. See the Restricted Purchase List for more information. The disclosures will be pursuant to IRC 6103(k)(6), investigative disclosures, and the IRS business office/unit must:

    1. Incur very few needs for title searches on a monthly basis

    2. Demonstrate that vigorous, real effort has been made to procure a contract for title searches and

    3. Thoroughly document that no company contacted is willing (obtain written refusal where possible) to enter such a contract

    Note:

    Every effort should be made to locate a vendor (or vendors) who will enter into a contractual agreement (purchase order) to provide title searches upon request, for a specified geographical area.

    Caution:

    See IRM 11.3.24.1 for more information on the use of IRC 6103(k)(6).

Appraisers, Court Reporter and Interpreter Services

  1. Procurement actions involving the use of appraisers, court reporters, interpreters, and others must follow the contract requirement provisions for Privacy Act, statutes governing release of returns and return information, and SBU data found elsewhere in this IRM.

  2. Business units should email *Privacy for assistance with procurements involving Privacy Act and SBU data.

  3. It is important that the system of records notice routine use contains the appropriate language to permit disclosing Privacy Act records to a contractor. See IRM 11.3.24.1.1(3).

Contracts Involving Disclosure of Other "Sensitive But Unclassified Information" (SBU) or formerly Official Use Only Documents

  1. Other SBU information, not Privacy Act or return information, may be disclosed to contractors when it is determined that such access is necessary to properly perform assigned tasks.

  2. This other type of SBU material is that information not protected by either the Privacy Act or the statutes governing release of returns and return information.

    Note:

    Examples of this type of SBU information includes, but is not limited to: IRMs, training guides, memoranda, reports, testimony, deliberations, maps, drawings, schematics, plans, assessments, etc.

  3. SBU documents are the property of the IRS, and are construed to be "a thing of value" protected by statute (18 U.S.C. 641, as modified by 18 U.S.C. 3571).

  4. Access to SBU documents will not be routinely granted to contractors. Each case must be decided on its own merit, with the needs of the IRS being the foremost consideration.

    Note:

    See IRM 10.23.2.17.1, Execution of Non-Disclosure Agreement (NDA), for an example of an NDA.

  5. For more information, refer to the SBU Data section of IRM 10.5.1, Privacy Policy and the Staff-Like Access section of IRM 10.23.2, Contractor Investigations.

Disclosure of Return Information to Whistleblowers

  1. Under IRC 6103(n), IRC 7623, and 26 CFR 301.6103(n)-2, Disclosure of return information in connection with written contracts among the IRS, whistleblowers, and legal representatives of whistleblowers, IRS employees are authorized to disclose return information to a whistleblower and their legal representative, to the extent necessary in connection with a written contract between the Internal Revenue Service (IRS), the whistleblower and their legal representative, for services relating to the detection of violations of the internal revenue laws or related statutes.

  2. Disclosures may include, but are not limited to, disclosures to obtain information related to the subject of the whistleblower’s claim that is otherwise unavailable, similar in nature to disclosures under IRC 6103(k)(6) and the applicable regulations.

  3. Upon written request by a whistleblower, or a legal representative of a whistleblower, with whom the IRS has entered into a written contract for services as described in 26 CFR 301.6103(n)-2(a)(1), the Director of the Whistleblower Office, or designee of the Director, may inform the whistleblower and, if applicable, the legal representative of the whistleblower of the following:

    • The status of the whistleblower's claim for award under section 7623

    • Whether the claim is being evaluated for potential investigative action, or

    • Whether the claim is pending due to an ongoing examination, appeal, collection action, or litigation

    Note:

    The information may be disclosed only if the IRS determines that the disclosure would not seriously impair Federal tax administration.

  4. Any whistleblower, or legal representative of a whistleblower, who receives return information under this section, is subject to the civil and criminal penalty provisions of IRC 7431, 7213, and 7213A for the unauthorized inspection or disclosure of the return information.

Destruction of Returns and Return Information

  1. Contracts for the destruction of tax information falls within the scope of IRC 6103(n).

    1. A contractual agreement, in compliance with IRC 6103(n), is required if tax information to be destroyed does not remain in sealed containers or is otherwise protected from view by the contractor during the destruction process

  2. IRSAP 1052.224-9000, Safeguards Against Unauthorized Disclosure of Sensitive but Unclassified Information (current IRSAP), should be included when procuring services for the destruction of sensitive but unclassified information. See IRSAP 1024.9001, Determination of Pre-Award Survey, which references IR1052.224-9000, Safeguards Against Unauthorized Disclosure of Sensitive but Unclassified Information (current IRSAP). In addition there is IRSAP PGI 1024.9001, Determination of pre-award survey.

  3. Ensure IRS records, hard copy and electronic including those containing SBU data, are managed appropriately and in accordance with Document 12990, Records and Information Management Records Control Schedules (RCS), and Document 12829, General Records Schedules (GRS). Document 12829 as approved records disposition by the National Archives and Records Administration (NARA) to prevent unauthorized/unlawful destruction of records. Refer to IRM 1.15, Records and Information Management series for further records retention guidance.