Obama Calls on IRS to Protect Taxpayers' Privacy
U.S. Senator Barack Obama (D-IL) today sent a letter calling on Internal Revenue Service Commissioner Mark Everson to fully account for the loss of computers containing sensitive taxpayer information, to audit vulnerabilities taxpayers face when they turn over personal information to the IRS, and to find a solution that protects taxpayers' privacy. The Washington Post reported last week that an Inspector General report found that "thousands of taxpayers could be at risk of identity theft or other financial fraud because the Internal Revenue Service has failed to adequately protect information on its 52,000 laptop computers and other storage systems" and that 500 IRS laptops that may have contained sensitive information were lost or stolen in a 3 ½ year period.
The text of the letter is below:
Dear Commissioner Everson:
When the federal government demands sensitive personal and financial information from taxpayers in order to assess or verify tax liability, the government has a duty to protect and safeguard that information.
And yet, as the Treasury Inspector General for Tax Administration reported last month, IRS officials have failed to respond adequately to the loss or theft of hundreds of computers containing sensitive information. The report notes that "it is likely that sensitive data for a significant number of taxpayers have been unnecessarily exposed to potential identity theft and/or other fraudulent schemes."
When ChoicePoint and Lexis/Nexis had security breaches in 2005, hundreds of thousands of consumers were at risk of having their personal information exposed and their identities stolen. Congress will not tolerate this level of potential exposure to privacy violations by the private sector and we cannot tolerate it by the IRS or any government agency. The federal government must be a good steward of the information with which we are entrusted, or we breach the trust that entitles us to require that information in the first place. Since Americans have no choice in sharing their personal information with the IRS, the IRS has an obligation to ensure that its data security system is foolproof and that their privacy is protected.
The job of the IRS is one of the most complicated in the federal government because our tax code is a mess and because Congress and the President rely on the IRS to administer many federal policies. You should be commended for your efforts to reduce the tax gap and to improve administration of the nation's single most effective anti-poverty program, the EITC. There's no question that most IRS employees work hard and want to do the right thing.
But let's not jeopardize the good work of the IRS by failing to address immediately the weaknesses that have been identified and working proactively to prevent similar problems in the future.
The IRS has reportedly adopted new security training, software, and hardware solutions to mitigate the risks of data loss in the future. These are welcome improvements. But, without exaggerating or downplaying the scope of the problems involved, we owe the American people answers. I am requesting that you provide to my office:
1) a fuller accounting of what went wrong and how it happened;
2) a general audit of taxpayer privacy vulnerabilities under current (or any proposed) IRS practices and procedures;
3) a clear reporting about what's being done to ensure that the problems are fixed and all significant security gaps are closed;
4) a plan to identify and remedy whatever harm may have come to the victims of lax IRS security, including the notification of taxpayers whose data security was compromised.
This information can and should be used to strengthen data security by the IRS and other federal agencies and to inform public policies related to data privacy.
I look forward to continuing to work on this issue with you. Please outline your findings, plans, and conclusions with regard to numbers 1-4 above and respond to my office within two weeks.