IRS' Security Program Requires Improvements To Protect Confidentiality of Income Tax Information

GGD-77-44: Published: Jul 11, 1977. Publicly Released: Jul 11, 1977.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Internal Revenue Service (IRS) designed a security program to protect the confidentiality of tax data under its control. However, weaknesses in carrying out the program are widespread, and some essential procedures and controls are totally lacking.

Inadequate controls over computer operations afforded IRS employees and others many opportunities to unlawfully disclose tax data. Computer programmers could easily run an unauthorized program or make an unauthorized program change without detection. Controls were exercised inadequately over the IRS primary computerized data retrieval system. Employees were able to get unneeded tax data because IRS was not enforcing its policy of limiting employee access to only that data needed to perform official duties. IRS employees were also able to get unneeded tax data due to equipment shortages. There is the potential for unauthorized tax data disclosure due to IRS methods for assessing the integrity of employees and others having access to its facilities. Although the facility's physical features and guard services were adequate to deter general access by unauthorized persons to IRS facilities, other aspects of physical security were weak and precluded maximum protection of tax data. Thirty-two recommendations designed to correct specific weaknesses were made by GAO. IRS agreed with most of the recommendations.

Sep 6, 2017

May 18, 2017

May 17, 2017

Apr 27, 2017

Apr 26, 2017

Mar 8, 2017

Jan 31, 2017

Jan 27, 2017

Jan 9, 2017

Sep 13, 2016

Looking for more? Browse all our products here