IRS' Security Program Requires Improvements To Protect Confidentiality of Income Tax Information

GGD-77-44: Published: Jul 11, 1977. Publicly Released: Jul 11, 1977.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Internal Revenue Service (IRS) designed a security program to protect the confidentiality of tax data under its control. However, weaknesses in carrying out the program are widespread, and some essential procedures and controls are totally lacking.

Inadequate controls over computer operations afforded IRS employees and others many opportunities to unlawfully disclose tax data. Computer programmers could easily run an unauthorized program or make an unauthorized program change without detection. Controls were exercised inadequately over the IRS primary computerized data retrieval system. Employees were able to get unneeded tax data because IRS was not enforcing its policy of limiting employee access to only that data needed to perform official duties. IRS employees were also able to get unneeded tax data due to equipment shortages. There is the potential for unauthorized tax data disclosure due to IRS methods for assessing the integrity of employees and others having access to its facilities. Although the facility's physical features and guard services were adequate to deter general access by unauthorized persons to IRS facilities, other aspects of physical security were weak and precluded maximum protection of tax data. Thirty-two recommendations designed to correct specific weaknesses were made by GAO. IRS agreed with most of the recommendations.

Sep 13, 2016

Sep 6, 2016

Jul 29, 2016

Jul 7, 2016

Jun 27, 2016

Jun 23, 2016

Apr 19, 2016

Apr 13, 2016

Apr 7, 2016

Mar 28, 2016

Looking for more? Browse all our products here