Guide for Contractors

To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.

LEN SMIGELSKI: Hi. I'm Len Smigelski. I work for the IRS, and I'm here to help you. No, really. I am.

The important work you do often involves using federal tax information. You need to understand the responsibilities the law imposes on you to protect this information. I hope this presentation helps you to learn more about these obligations. You see, public trust and confidence in the IRS is a cornerstone of voluntary compliance. If taxpayers can't comfortably share their private financial and other personal information with us, they are less likely to be completely forthcoming in their dealings with the IRS.

You work for a contractor with whom we share confidential information. Several laws exist to protect that sensitive data. These laws apply to IRS employees, but they also apply to you, as well. The laws impose serious responsibilities on individuals with access to sensitive information and can result in severe penalties if willfully violated. The work you do may involve access to federal tax information, or FTI, as we call it. Perhaps you work with records protected by the Privacy Act or other sensitive material. Your work with these records presents you with somewhat of a dilemma. You must simultaneously protect confidential information made available to you while using and disclosing this same information when necessary to do your job.

In this video, we'll review your responsibilities so you can better understand and comply with them. I'm going to take you on an abbreviated tour of the "Protecting Federal Tax Information Pocket Guide," a handy document designed to assist you in meeting those important obligations. While you won't need a guide as you view this video, it's easy to find online at www.IRS.gov. You can order one from the publishing catalog.

First, we'll turn our attention to protecting tax records. After all, as the nation's tax agency, those are the records that we deal with most frequently. As a receiver of FTI, you have the obligation to protect federal tax returns and return information. Section 6103 of the IRC includes a very strict prohibition that forbids you from disclosing tax information unless allowed by statute. To understand the law that protects tax returns and return information, it's important to know the legal definitions of the terms "return" and "return information." Whether you're working with a paper or an electronic copy of a federal tax return, regardless of the size of the return or the media where the return is maintained, you need to understand what's expected of you when it comes to taking care of that federal return.

As you can see in this section of the guide, the definition of "return information" is broader and more encompassing. It's a definition that some have ignored at their peril. Return information, as the pocket guide explains, means information from and about the return, including identifying information obtained from the return, and fact of filing. This information may be anywhere in the workplace, so you have to be very conscientious and deliberate when doing work associated with the contract.

For example, while the need-to-know provisions of the Internal Revenue Code allow you to confer with other employees and disclose return information to understand or resolve a particular matter, it's important to hold those discussions in a secure environment, not in the lobby, the cafeteria, or in the elevator. It's also very important to note that there must be an underlying business need for the conversation. There's no need for your co-workers to hear about a matter simply because a taxpayer is famous or wealthy. Remember, we hold the public's trust and confidence, and we cannot let them down. So be careful with all sensitive data available to you. The resources for safeguarding tax information include not only the general rule and definitions we just discussed, but other authorities that permit us to work with contractors. This section also references the requirements for safe handling, storage, and use of FTI. These resources are the foundation for communicating the legal responsibilities you have for the FTI and other sensitive data in your care.

The overwhelming majority of IRS contractor employees take their obligation to protect and safeguard the sensitive information in their care very seriously. Unfortunately, a few do not. Whether motivated by money, feelings, or simply tempted by mere opportunity, some individuals decide to knowingly and willfully access or disclose returns and return information. That decision can be costly. The penalties are both serious and severe, as the pocket guide describes. Willful unauthorized disclosure is a crime, a felony for which the punishment can include fines, imprisonment, and the cost of prosecution. The fines for unauthorized access to FTI, or UNAX, are also heavy. The law also says that the injured party can sue for civil damages in court.

Remember, these penalties apply where the wrongful disclosure or access is intentional. They do not apply when an employee makes a mistake. We're only human, and mistakes sometimes occur. But because we work with sensitive information and bear the weight of the public trust and public scrutiny, we need to be vigilant. Here are some of the disclosure risks we've found in IRS contractor reviews. Employees without background checks accessing sensitive information. Absence of any awareness programs to advise employees about their responsibilities. Unrestricted access to sensitive information in paper and on computer systems. No audit trails in place to document and monitor access to sensitive data. Sensitive data processed on personally owned computers without encryption or security controls. And improper disposition of paper and electronic data, both hard drives and portable storage media. The pocket guide has a list of prevention tips that will help you to avoid the most commonly reported errors. The guide also tells you what you should do to report both intentional and inadvertent unauthorized disclosures. Anytime there is a compromise to sensitive information, including personally identifiable information, or PII, the incident must be reported to the IRS Incident Response Center, or CSIRC, within one hour of detection. I want you to know that you can contact the IRS with questions about any particular disclosure situation through the IRS Contracting Officer's Technical Representative, or COTR, assigned to your project.

In closing, I'll leave you with this great advice from our pocket guide. "When in doubt, check it out before you give it out."