IRS Struggles to Safeguard Taxpayer Data Handled by Contractors and Agencies.A recent report from the Government Accountability Office (GAO) highlights a significant issue within the Internal Revenue Service (IRS): its inability to oversee how contractors and other federal agencies handle taxpayer data.
IRS Struggles to Safeguard Taxpayer Data Handled by Contractors and Agencies
This deficiency in authority has raised concerns about the security and protection of sensitive taxpayer information, particularly in light of past incidents involving data leaks and unauthorized access.
The Legal Framework
Since the 1970s, Congress has mandated that the IRS must ensure that the taxpayer data it shares with other federal agencies for non-tax administrative purposes adhere to federal laws and regulations governing data protection. This sharing involves various federal departments, such as Education, Health and Human Services, Agriculture, Labor, the National Archive and Records Administration, the Office of Personnel Management, and the Social Security Administration. These sharing arrangements are authorized under IRS code section 6103.
While these agencies are expected to implement data protection measures and undergo inspections by IRS staff to ensure compliance, there’s a glaring issue. The IRS lacks the legal authority to conduct third-party inspections of agencies receiving data under section 6103. This deficiency leaves sensitive tax data potentially exposed and beyond the IRS’s oversight.
The only immediate recourse to address this issue involves voluntary memorandums of agreement between certain agencies. These agreements allow agencies to perform the inspections and oversight necessary for data security controls, similar to what they do for other agencies. However, this solution is temporary, and a more permanent fix requires legislative action in Congress.
IRS’s Plans for Improvement
The IRS has outlined plans to identify agencies receiving taxpayer information and determine an agency-specific approach for IRS oversight. However, the absence of a comprehensive system to identify all data-sharing agreements and a lack of implementation dates pose challenges to this effort.
Challenges in Policing Data Access
The IRS, being a massive agency, faces inherent difficulties in monitoring data access effectively. Identifying unauthorized access and inappropriate data handling is challenging, especially when employees access large datasets for research purposes.
Recent Actions Taken
To address unauthorized access and data security concerns, the IRS implemented several measures, including a new policy requiring senior-level approval for certain system access and cybersecurity awareness training for both staff and contractors.
Security Shortcomings and Data Exposures
Previous audits by the GAO and the Treasury’s Inspector General’s office identified deficiencies in security controls, such as data encryption at rest and security settings configuration. Some issues, like encryption, remain unresolved, and instances of sensitive taxpayer data exposure on the IRS’s website and leaks to news outlets have occurred.
While cybersecurity training has been completed by more than 97% of full-time staff, contractors’ training rates range from 66% to 74%. The IRS lacks specific training goals for contractors but restricts access for those who have not completed their training.
Contract Oversight Center
To enhance contractor oversight, the IRS is establishing a new contract oversight center that will provide further guidance and monitoring of its contractor base.
The GAO has made several recommendations to address these issues, including granting the IRS new authority to audit data security practices, improving monitoring of contractor access, establishing concrete training goals and metrics, and ensuring an up-to-date inventory of IRS systems storing taxpayer information.
Jeffrey Tribiano, deputy commissioner for operations support, acknowledges and agrees with 14 of the 15 GAO recommendations. However, specific timelines for implementation were not provided in the response.
The IRS’s lack of authority to monitor how contractors and other federal agencies handle taxpayer data is a pressing concern for data security and compliance with federal laws and regulations. Addressing these issues will require legislative action and ongoing efforts to enhance data protection and oversight within the agency.
- Major NSFAS Appointment to Enhance Communication Ahead of 2024
- How Much Pay NSFAS Allowances Will Be For December 2023
- How Does NSFAS Support Part-time Studies?
- NSFAS To Introduce New Funding Model For Students
- The NSFAS Denies A Crisis After Thousands Of Students Aren’t Paid
- NSFAS Spin Doctor Set to Become Spokesperson
- Is NSFAS On The Brink Of A Collapse? Unveiling the Challenges and Reforms
- NSFAS Applications For 2024 Will Open in 2024
- Executive Shakeup at NSFAS Sparks Controversy: Nongogo Axed Over FNB Tender Dispute
- NSFAS Revolutionizes Data Exchange Processes for Enhanced Student Financial Support
- NSFAS Addresses Concerns Raised by the South African Union of Students
- NSFAS 2024 Applications Set to Open Next Week: New Features and Guidelines
sassa1 week ago
Post Office Blocked Sassa Card After Suspected Fraud
blog3 weeks ago
NSFAS Application Status and Meaning 2023-2024
sassa1 week ago
You Can Now Apply for a Basic Income Grant of R999
NSFAS News1 hour ago
Nsfas Appeals For 2023 Now Open
sassa2 weeks ago
Here Some Changes In Old Age Pension Grant Payment Date for October 2023
sassa1 week ago
Here Some Changes In Old Age Pension Grant Payment Date for November 2023
sassa1 week ago
Finally New Grant of R999 for Basic Income Introduced
sassa2 months ago
Here Some Changes In Old Age Pension Grant Payment Date for September 2023