The Internal Revenue Service announced on December 1 the launch of a new online tool that will allow taxpayers to view and pay their account balances online.
Before using the tool, taxpayers must authenticate their identities through a Secure Access process. This is a two-step authentication process, which means returning users must have their credentials (username and password) plus a security code sent as a text to their mobile phones.
This comes after the news of IRS employees jeopardizing sensitive taxpayer information.
According to a report released by the Treasury Inspector General for Tax Administration (TIGTA), IRS employees sent hundreds of unencrypted emails containing personal taxpayer information. Some employees even used personal email accounts for conducting official agency business.
TIGTA’s startling report begs the question: if almost half of IRS employees have a history of exposing taxpayer information, and don’t even follow the laws put in place by their own agency to prevent that from happening, then why should Americans trust the IRS with collecting their sensitive information with a new, internet-based tool?
A random sample of emails from employees in the Small Business/Self-Employed (SB/SE) Division found that 49 percent of employees sent 326 unencrypted emails containing 8,031 different taxpayers’ personal/tax-return information. This information was sent internally to other IRS employees or externally to non-IRS email accounts.
TIGTA found 51 unencrypted emails containing taxpayer information that were sent to non-IRS email accounts.
Not only did these employees fail to follow the Internal Revenue Manual requirements, but they risked exposing sensitive personal and tax information to unauthorized individuals.
Personally Identifiable Information or PII, as listed in the Internal Revenue Manual, is defined as “a specific type of sensitive information which may include tax return and return information.”
On its own website, the IRS states that it is “committed to protecting the privacy rights of America’s taxpayers,” and that these rights are “protected by the Internal Revenue Code, the Privacy Act of 1974, the Freedom of Information Act, and IRS policies and practices.”
Moreover, the Senior Agency Official for Privacy has “overall responsibility and accountability” for ensuring the agency’s implementation of information privacy protections, including the agency’s full compliance with federal laws, regulations, and policies relating to information privacy.
These laws are in place to protect taxpayers’ privacy and information because, otherwise, they are at greater risk of experiencing identity theft. And according to an August 2016 press release from TIGTA, the IRS isn’t even providing enough assistance to taxpayers who are victims of employment-related identity theft.
Wouldn’t it be more appropriate for the IRS to get its existing tools right instead of wasting taxpayer money on new ones? It’s 2016; one would think that it would be pretty hard for people to mess up something as simple and straightforward as email, especially when those emails contain something as sensitive and private as financial information.
It is beyond time that the IRS takes responsibility for its actions and is held accountable for following the laws and practices it claims to hold itself to in order to avoid any more thoughtlessness.