Taxpayer First Act: Data Security in the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center

The Chief Information Officer should ensure that the appropriate updates are installed to timely remediate the **************************************************************************************************************************************************************.

The Commissioner, Wage and Investment Division, should update Exhibit D, Incident Reporting Procedures, in the memorandum of understanding between the IRS and the Trusted Third Party (TTP) by adding the Computer Security Incident Response Center (CSIRC) function as another primary point of contact to ensure that the TTP properly reports incidents/situations.

The Commissioner, Wage and Investment Division, should ensure that the Trusted Third Party (TTP) updates the tabletop exercise training to include the required data fields, i.e., the filename of data involved and the potential number of Federal Tax Information (FTI) records involved, and test whether the incident information can be produced as required by Exhibit D, Incident Reporting Procedures, in the memorandum of understanding between the IRS and the TTP.

The Commissioner, W&I Division, and the Chief, Privacy Officer, should coordinate with the Trusted Third Party (TTP) to ensure that the Privacy and Civil Liberties Impact Assessment (PCLIA) is updated to correctly reflect that the **************************** and that IRS employees have access to the data in the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC) and their access level.

The Commissioner, W&I Division, should ensure that the Information Sharing and Analysis Center (ISAC) alternate processing site is converted to a ****** that achieves the maximum tolerable downtime to prevent any filing season delays.