Audit: IRS Contractor Policy Puts Taxpayer Data At Risk
July 7, 2010
| 10:09 AM
The Internal Revenue Service risked disclosing taxpayer information when it failed to identify contractors that had access to financial records and to fix known security weaknesses at facilities where files are stored, Nextgov.com reported.
According to an audit released Tuesday by the Treasury Inspector General for Tax Administration, the IRS did not identify all the vendors that store and process taxpayer data, making it impossible to complete annual security reviews. In addition, at facilities where the IRS did conduct reviews, it failed to check if weaknesses it had identified were corrected.
The IRS provides many contractors with taxpayer data to help it manage the federal tax system. Technology companies also operate information systems that allow users access to the agency's network. Although contractors must comply with the security control requirements the National Institute of Standards and Technology issues for protecting sensitive data, the IRS is responsible for ensuring contractors comply by conducting annual reviews. Currently, all IRS components compile and submit a list of contractors that have access to tax records.
"This process was not effective at identifying all contractors who have been provided IRS taxpayer data," said the inspector general, who noted two cases in which contractors with access to tax records were not among those that were identified as requiring a security review.
Also, in fiscal 2009, the IRS made 1,396 procurement requests that required access to tax data, but due to a heavy workload it failed to review the requests to determine if contractors were provided taxpayer data, which would have required the agency to conduct an annual security review. To read more, click here.
Join the Discussion
The National Journal Group has the right (but not the obligation) to monitor the comments and to remove any materials it deems inappropriate.
Comments powered by Disqus