[Dataloss] IG: IRS not doing enough to safeguard taxpayers' privacy

ziplock ziplock at pogowasright.org
Wed Oct 4 14:28:02 EDT 2006


http://www.fcw.com/article96322-10-04-06-Web

BY Matthew Weigelt
Published on Oct. 4, 2006


The Internal Revenue Service has not done enough to protect the privacy of
more than 130 million taxpayers, according to a Treasury Department
Inspector General's report released Oct. 3.

The agency has conducted privacy impact assessments (PIAs) on less than
half of its computer system and does not adequately monitor its own
application of privacy laws, according to the report from the Treasury IG
For Tax Administration.

The E-Government Act of 2002 and IRS guidelines require every computer
system or project that collects personal information to have a current PIA
on file with the agency’s privacy office. As of August 2005, the IG could
not find PIAs for 130 of the 241 IRS computers systems that collect the
sensitive information, according to the report.

“We attribute the missing PIAs to the lack of emphasis on privacy issues,
and the decision to not require that all systems be certified and
accredited,” the report states.

Thus, taxpayers’ identities are at a higher risk of being stolen and used
unlawfully, the report found.

The IG recommended that IRS officials build a searchable database of PIAs
with quarterly verifications on their accuracy and reinforce the
importance of PIA case documentation.

The IG report recommended that officials review employee privacy training
and assess whether IRS business units meet regulations.

Despite failures, the IRS’ Office of Privacy and Information Protection
enhanced its privacy program in the past two years, according to the IG.
Officials chaired a working group to review the issues and created an
online privacy-training segment on its Web site.

The privacy office director is responsible for administering the privacy
program. Its mission is to ensure that policies and programs incorporate
taxpayer and employee privacy requirements and that sensitive information
remains protected, secure and private.




More information about the Dataloss mailing list