Skip to Content

October 31, 2014


Tax compliance and the security of sensitive information, part 2

In the first part of this post, we began discussing the issue of the confidentiality of sensitive and personal information submitted by taxpayers to the IRS.

We noted that a report recently issued by a key government watchdog agency found serious concerns with the performance of the IRS in safeguarding taxpayer data.

In this part of the post, we look in more detail at the findings of the report by the Treasury Inspector General for Tax Administration (TIGTA).

For more than four years, the IRS has been trying to develop a systematic solution to a problem of unauthorized access to information submitted by taxpayers to the IRS. This includes Social Security numbers, bank account numbers, dates of birth, e-mail addresses and even mothers’ maiden names.

When such information is not properly protected, it can put taxpayers at risk of identity theft and other forms of fraud.

The problem of unauthorized access is so pervasive that it has given rise to its own acronyms. One is DLP, for data loss prevention. Another is SPIDE, for Safeguarding Personally Identifiable Information Data Extracts (SPIDE).

As the TIGTA’s report discusses, there are many aspects to the IRS’s SPIDE initiative. For example, one area of focus is to do a better job of preventing IRS agents from inadvertently allowing disclosure of taxpayers’ personal information in e-mails.

There are also many other technical issues involved concerning the IRS’s information technology practices and procedures. The amount of digital data in IRS databases that can potentially be breached has continued to grow along with the increase in e-filing.

In addition, the IRS must now share large amounts of taxpayer data with health insurance officials. This is necessary in order to implement the Affordable Care Act.

At its heart, however, the issue of the security of taxpayer information handled by the IRS is much more than a technical one. Ultimately, it is about trust. If taxpayers doubt the ability of the IRS to properly safeguard their data, the lack of trust can substantially undermine tax compliance.

Source: Treasury Inspector General for Tax Administration, “While the Data Loss Prevention Solution Is Being Developed, Stronger Oversight and Process Enhancements Are Needed for Time Implementation Within Budget