Skip to main content

Are Tax Practitioners Protecting Your Personal Information?

Posted on June 11, 2019

Doing your taxes can be complicated. So it’s no surprise that nearly 90% of taxpayers use either a paid preparer or tax software to prepare and file their taxes each year.

In an age of data breaches and identity theft, how safe is your information after you provide it to one of those third parties? We take a look in today’s WatchBlog.

How fraudsters target third parties

The information that you provide to your paid preparer or tax software package is a potential goldmine for identity thieves because it contains a lot of personal, financial, or federal tax information. Fraudsters may steal this information and use it to collect a fraudulent tax refund or commit other types of crimes.

How is IRS protecting sensitive taxpayer information?

IRS is required by law to protect sensitive financial and taxpayer information that resides on its systems. However, information held by third-party providers generally falls outside of these requirements.

IRS does have some information security controls for third-party providers. However, we found that its efforts don’t provide assurance that taxpayers’ information is being adequately protected. For example:

  • Paid Preparers: IRS seeks to help safeguard information through requirements it has for paid preparers that file returns electronically. However, the agency doesn’t have minimum information security requirements for the systems that paid preparers use because it would need explicit authority to regulate these systems, according to IRS officials.
  • Tax Software Providers: The providers that nearly all taxpayers use voluntarily adhere to a set of security standards, but these controls are not required. IRS also developed 6 standards for tax software providers that allow individuals to prepare their own tax returns (as opposed to using the software that paid preparers use). However, IRS hasn’t substantially updated these requirements since 2010, and they are, at least in part, outdated.

We suggested that Congress consider providing IRS with explicit authority to establish security requirements for paid preparers and others who participate in IRS’s program for e-filing tax returns.

We also made 8 recommendations to IRS to help improve its oversight of taxpayer’s information at third-party providers.

To learn more about our recommendations, check out our report.

Comments on GAO’s WatchBlog? Contact


Related Products

About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to