Taxpayer Confidentiality

Federal, state, and local agencies are authorized to receive from the Internal Revenue Service (IRS) information on taxpayers that they need to assist in their administration and enforcement of laws. These agencies are required to protect the confidentiality of the information they receive and to implement safeguards to prevent unauthorized access, disclosure, and use. This report discusses (1) which federal, state, and local agencies receive taxpayer information from IRS; (2) the type of information they receive; (3) how that information is being used; (4) what policies and procedures the agencies are required to follow to safeguard that information; (5) how often IRS is to monitor agencies' adherence to the safeguarding requirements; and (6) the results of IRS' most recent monitoring efforts.

GAO noted that: (1) there were 37 federal and 215 state and local agencies that received, or maintained records containing, taxpayer information under provisions of section 6103 during 1997 or 1998; (2) the information that agencies received included, among other things, the taxpayers' names, Social Security numbers, addresses, and wages; (3) the information came in a variety of formats; (4) some agencies received the information on a regular schedule; (5) others received the information on an as-needed basis, such as while conducting criminal investigations; (6) federal, state, and local agencies said they used taxpayer information for one of several purposes, such as administering state tax programs, assisting in the enforcement of child support programs, verifying eligibility and benefits for welfare and public assistance programs, and conducting criminal investigations; (7) before receiving taxpayer information from IRS, agencies are required to advise IRS how they intend to use the information and to provide IRS with a detailed safeguard plan that describes the procedures established and used by the agency for ensuring the confidentiality of the information they want to receive; (8) these safeguard plans are supposed to be updated every 6 years or if significant changes are made to the agencies' procedures; (9) agencies are also required to submit annual reports to IRS summarizing their efforts to safeguard taxpayer information and any minor changes to their safeguarding procedures; (10) in addition to providing IRS with safeguarding plans and annual reports, agencies' Offices of Inspector General may also review internal agency programs for safeguarding restricted or classified information; (11) IRS conducts on-site reviews to ensure that agencies' safeguard procedures fulfill IRS requirements for protecting taxpayer information; (12) IRS' National Office of Governmental Liaison and Disclosure, Office of Safeguards, has overall responsibility for safeguard reviews to assess whether taxpayer information is properly protected from unauthorized use or access as required by the Internal Revenue Code and to assist in reporting to Congress; (13) IRS' safeguard reviews have identified discrepancies in agency safeguard procedures and made recommendations for corrections; and (14) the reviews have uncovered problems with agency safeguarding procedures, ranging from inappropriate access to taxpayer information by contractor staff to administrative matters, such as the failure to properly document the disposal of information.