LEN SMIGELSKI: Hi. I'm Len Smigelski.
I work for the IRS, and I'm here to help you.
No, really. I am.
The important work you do
often involves using federal tax information.
You need to understand the responsibilities
the law imposes on you to protect this information.
I hope this presentation helps you
to learn more about these obligations.
You see, public trust and confidence in the IRS
is a cornerstone of voluntary compliance.
If taxpayers can't comfortably share their private financial
and other personal information with us,
they are less likely to be completely forthcoming
in their dealings with the IRS.
You work for a contractor
with whom we share confidential information.
Several laws exist to protect that sensitive data.
These laws apply to IRS employees,
but they also apply to you, as well.
The laws impose serious responsibilities
on individuals with access to sensitive information
and can result in severe penalties if willfully violated.
The work you do may involve access
to federal tax information, or FTI, as we call it.
Perhaps you work with records protected by the Privacy Act
or other sensitive material.
Your work with these records
presents you with somewhat of a dilemma.
You must simultaneously protect
confidential information made available to you
while using and disclosing this same information
when necessary to do your job.
In this video, we'll review your responsibilities
so you can better understand and comply with them.
I'm going to take you on an abbreviated tour
of the "Protecting Federal Tax Information Pocket Guide,"
a handy document designed to assist you
in meeting those important obligations.
While you won't need a guide as you view this video,
it's easy to find online at www.IRS.gov.
You can order one from the publishing catalog.
First, we'll turn our attention to protecting tax records.
After all, as the nation's tax agency,
those are the records that we deal with most frequently.
As a receiver of FTI, you have the obligation
to protect federal tax returns and return information.
Section 6103 of the IRC
includes a very strict prohibition
that forbids you from disclosing tax information
unless allowed by statute.
To understand the law
that protects tax returns and return information,
it's important to know the legal definitions
of the terms "return" and "return information."
Whether you're working with a paper
or an electronic copy of a federal tax return,
regardless of the size of the return
or the media where the return is maintained,
you need to understand what's expected of you
when it comes to taking care of that federal return.
As you can see in this section of the guide,
the definition of "return information"
is broader and more encompassing.
It's a definition that some have ignored at their peril.
Return information, as the pocket guide explains,
means information from and about the return,
including identifying information
obtained from the return, and fact of filing.
This information may be anywhere in the workplace,
so you have to be very conscientious and deliberate
when doing work associated with the contract.
For example, while the need-to-know provisions
of the Internal Revenue Code
allow you to confer with other employees
and disclose return information
to understand or resolve a particular matter,
it's important to hold those discussions
in a secure environment,
not in the lobby, the cafeteria, or in the elevator.
It's also very important to note
that there must be an underlying business need
for the conversation.
There's no need for your co-workers
to hear about a matter
simply because a taxpayer is famous or wealthy.
Remember, we hold the public's trust and confidence,
and we cannot let them down.
So be careful with all sensitive data available to you.
The resources for safeguarding tax information
include not only the general rule and definitions
we just discussed,
but other authorities
that permit us to work with contractors.
This section also references the requirements
for safe handling, storage, and use of FTI.
These resources are the foundation
for communicating the legal responsibilities you have
for the FTI and other sensitive data in your care.
The overwhelming majority of IRS contractor employees
take their obligation to protect and safeguard
the sensitive information in their care very seriously.
Unfortunately, a few do not.
Whether motivated by money, feelings,
or simply tempted by mere opportunity,
some individuals decide to knowingly and willfully
access or disclose returns and return information.
That decision can be costly.
The penalties are both serious and severe,
as the pocket guide describes.
Willful unauthorized disclosure is a crime,
a felony for which the punishment can include fines,
imprisonment, and the cost of prosecution.
The fines for unauthorized access to FTI, or UNAX,
are also heavy.
The law also says that the injured party
can sue for civil damages in court.
Remember, these penalties apply
where the wrongful disclosure or access is intentional.
They do not apply when an employee makes a mistake.
We're only human, and mistakes sometimes occur.
But because we work with sensitive information
and bear the weight of the public trust
and public scrutiny, we need to be vigilant.
Here are some of the disclosure risks we've found
in IRS contractor reviews.
Employees without background checks
accessing sensitive information.
Absence of any awareness programs
to advise employees about their responsibilities.
Unrestricted access to sensitive information
in paper and on computer systems.
No audit trails in place
to document and monitor access to sensitive data.
Sensitive data processed on personally owned computers
without encryption or security controls.
And improper disposition of paper and electronic data,
both hard drives and portable storage media.
The pocket guide has a list of prevention tips
that will help you to avoid the most commonly reported errors.
The guide also tells you what you should do
to report both intentional
and inadvertent unauthorized disclosures.
Anytime there is a compromise to sensitive information,
including personally identifiable information,
the incident must be reported
to the IRS Incident Response Center, or CSIRC,
within one hour of detection.
I want you to know that you can contact the IRS with questions
about any particular disclosure situation through
the IRS Contracting Officer's Technical Representative,
or COTR, assigned to your project.
In closing, I'll leave you with this great advice
from our pocket guide.
"When in doubt, check it out before you give it out."