Taxes
TIGTA Says IRS Isn’t Properly Controlling Sensitive Tax Information
The report found that required tracking documents, such as Forms 3210, Document Transmittal, are not included with these shipments and/or not prepared properly.
Aug. 03, 2023
The IRS is not adhering to its own internal guidelines when sending large volumes of sensitive taxpayer information to and from its tax processing centers, according to a new report from the Treasury Inspector General for Tax Administration, the watchdog entity that oversees the nation’s tax agency.
Specifically, the report found that required tracking documents, such as Forms 3210, Document Transmittal, are not included with these shipments and/or not prepared properly. For example, during the period August to November 2022, TIGTA conducted on-site inspections of 31 incoming packages with large quantities of sensitive taxpayer information received via private delivery carrier at the Tax Processing Centers. Twenty-two of the 31 packages did not include copies of the completed Forms 3210. Further, TIGTA conducted inspections of 40 packages with large volumes of sensitive taxpayer information that were ready for shipment from the Tax Processing Centers via private delivery carrier.
Thirty-nine of the 40 packages did not include copies of the completed Forms 3210. Further, Submission Processing Files function managers at the three Tax Processing Centers are not completing the required quarterly audits of the Forms 3210 Acknowledgment process to ensure compliance with internal guidelines.
TIGTA made five recommendations including that the Commissioner, Wage and Investment Division, should ensure that
the Form 3210 is completed and included in all packages so actions can be taken to protect taxpayers when a shipment is lost; and ensure that Submission Processing Files function managers conduct quarterly audits of the Forms 3210 Acknowledgment process. Further, the Chief Privacy Officer, Privacy, Governmental Liaison, and Disclosure, should revise internal guidelines to reflect that losses associated with a business are not categorized as low risk automatically and provide notification for business data losses categorized as high risk.
The full TIGTA report can be viewed at https://www.tigta.gov/reports/list.