Tax Update Blog: Permalink
« Previous · Tax Update Blog Home · Next »
DATA SECURITY FLAWS: A CORE GOVERNMENT FUNCTION?
March 28, 2008
Opponents of the use of private debt collection agencies say that private companies just can't be trusted to protect taxpayer data. Both the IRS and the two private debt collection agencies in the IRS private collection private program were recently audited by the Treasury Inspector General for Tax Administration. See if you can identify which statement from the TIGTA reports is about the IRS itself, and which refers to the private contractors:
Statement 1:TIGTA reviewed the computer security controls over taxpayer data... and determined that the controls were adequate. In particular, files were securely transmitted... and adequately secured on the... systems. In addition, workstations used by... collection personnel were adequately controlled to prevent unauthorized copying of taxpayer information to removable media or transfer via email. The... also maintained adequate audit trails and performed periodic reviews, including reviews to identify unauthorized access to taxpayer data.
Statement 2:As of October 25, 2007,... still needed to complete 328 (65 percent) of the 508 required risk assessments and 293 (68 percent) of the 432 required compliance reviews. Also,... had not maintained sufficient information to evaluate the overall... physical security program.Records of physical security reviews were not properly maintained and, in some instances, records were either lost or misplaced. In addition, management reports used to monitor completion of the reviews were incomplete. Due to these program weaknesses,... cannot provide adequate assurance that the necessary controls are in place to protect employees, facilities, and taxpayer data.
If you have been listening to the Colleen Kelley (right), head of the Treasury employees union, you'd have no doubt that the IRS is the high-performing, security-conscious outfit in Statement 1, and the private collectors were the lax, careless custodians of confidential information. And you'd be exactly wrong.
It's not that surprising, really. We trust the private sector with important confidential information every day, and we shouldn't be surprised when they have systems in place to protect their data. After all, their business depends on it.
Nor should we be shocked when civil service employees, backed by an aggressive union and protected by elaborate due process procedures for employee discipline, working for an agency that will never go out of business, might sometimes be less than obsessive about protecting customer data.
Links to TIGTA highlights:
PRIVATE COLLECTION AGENCIES ADEQUATELY PROTECTED TAXPAYER DATA
Actions Are Needed to Improve the Effectiveness of the Physical Security Program
Bookmark: del.icio.us • Digg • reddit
Tax Updates
Subscribe to Tax Updates
The items included in the Tax Update Blog are informational only and are not meant as tax advice. Consult with your tax advisor to determine how any item applies to your situation.
Joe Kristan writes the Tax Update items, and any opinions expressed or implied are not neccesarily shared by anyone else at Roth & Company, P.C. Address questions or comments on Tax Updates to
Search Tax Updates
Friends and Neighbors
Economics Nerds
Hard-Core Tax Nerds
Gigablogs
Insurance Folk
Goners
Legislation
Tax Update Data Feeds
