In an age of data breaches and identity theft, how safe is your information after you provide it to one of those third parties? We take a look in today’s WatchBlog.
How fraudsters target third parties
The information that you provide to your paid preparer or tax software package is a potential goldmine for identity thieves because it contains a lot of personal, financial, or federal tax information. Fraudsters may steal this information and use it to collect a fraudulent tax refund or commit other types of crimes.
How is IRS protecting sensitive taxpayer information?
IRS is required by law to protect sensitive financial and taxpayer information that resides on its systems. However, information held by third-party providers generally falls outside of these requirements.
IRS does have some information security controls for third-party providers. However, we found that its efforts don’t provide assurance that taxpayers’ information is being adequately protected. For example:
- Paid Preparers: IRS seeks to help safeguard information through requirements it has for paid preparers that file returns electronically. However, the agency doesn’t have minimum information security requirements for the systems that paid preparers use because it would need explicit authority to regulate these systems, according to IRS officials.
- Tax Software Providers: The providers that nearly all taxpayers use voluntarily adhere to a set of security standards, but these controls are not required. IRS also developed 6 standards for tax software providers that allow individuals to prepare their own tax returns (as opposed to using the software that paid preparers use). However, IRS hasn’t substantially updated these requirements since 2010, and they are, at least in part, outdated.
We suggested that Congress consider providing IRS with explicit authority to establish security requirements for paid preparers and others who participate in IRS’s program for e-filing tax returns.
We also made 8 recommendations to IRS to help improve its oversight of taxpayer’s information at third-party providers.
To learn more about our recommendations, check out our report.