IRS' Security Program Requires Improvements To Protect Confidentiality of Income Tax Information

GGD-77-44: Published: Jul 11, 1977. Publicly Released: Jul 11, 1977.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Internal Revenue Service (IRS) designed a security program to protect the confidentiality of tax data under its control. However, weaknesses in carrying out the program are widespread, and some essential procedures and controls are totally lacking.

Inadequate controls over computer operations afforded IRS employees and others many opportunities to unlawfully disclose tax data. Computer programmers could easily run an unauthorized program or make an unauthorized program change without detection. Controls were exercised inadequately over the IRS primary computerized data retrieval system. Employees were able to get unneeded tax data because IRS was not enforcing its policy of limiting employee access to only that data needed to perform official duties. IRS employees were also able to get unneeded tax data due to equipment shortages. There is the potential for unauthorized tax data disclosure due to IRS methods for assessing the integrity of employees and others having access to its facilities. Although the facility's physical features and guard services were adequate to deter general access by unauthorized persons to IRS facilities, other aspects of physical security were weak and precluded maximum protection of tax data. Thirty-two recommendations designed to correct specific weaknesses were made by GAO. IRS agreed with most of the recommendations.

Jan 14, 2021

Nov 18, 2020

Nov 9, 2020

Oct 19, 2020

Sep 23, 2020

Aug 31, 2020

Jun 29, 2020

Jun 16, 2020

May 1, 2020

Apr 30, 2020

  • tax icon, source: Eyewire

    Priority Open Recommendations:

    Internal Revenue Service
    GAO-20-548PR: Published: Apr 23, 2020. Publicly Released: Apr 30, 2020.

Looking for more? Browse all our products here