U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Sensitive Tax Information Is Not Being Controlled Adequately When Shipping to and From Tax Processing Centers

Report Information

Date Issued
Report Number
2023-IE-R007
Report Type
Inspection / Evaluation
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View Report

Recommendations

The Commissioner, Wage and Investment Division, should remind employees to include required documentation that identifies specific taxpayers whose information is included in shipments of large volumes of sensitive tax information so actions can be taken to protect taxpayers when a shipment is lost.

The Commissioner, Wage and Investment Division, should remind employees to include the required Forms 3210 with all shipments of large volumes of sensitive taxpayer information.

The Commissioner, Wage and Investment Division, should ensure that Submission Processing Files function managers are informed of the requirement to perform quarterly audits of the Forms 3210 Acknowledgement process.

The Commissioner, Wage and Investment Division, should develop processes and procedures to ensure that the required quarterly audits of the Forms 3210 Acknowledgment process are performed in the Submission Processing Files function.

The Chief Privacy Officer, PGLD, should discontinue the practice of categorizing all business data breaches as low risk. In addition, for data breaches categorized as high risk, issue a notification letter to the business and place the data breach indicator on the business tax account.