Is your Data safe with the IRS? December 20, 2013 As with all things in the digital age, your data may not be a safe as it seems. And that includes when it is in the hands of the IRS. According to a recently published report by the Treasury Inspector General for Tax Administration (TIGTA), the IRS could do a lot better to correct security weaknesses for their accounting technologies and implement proper corrective strategies. The report, titled “Improved Controls Are Needed to Ensure That All Planned Corrective Actions for Security Weaknesses Are Fully Implemented to Protect Taxpayer Data,” is the product of a statutory requirement to ensure that that IRS technology has sufficient security measures in place. The report functions like an annual review (or audit) of the ever-changing technology of the IRS. View the report by clicking here. TIGTA found that IRS management of planned corrective actions (PCA) was both poorly developed and poorly managed. The report states, “During our audit, TIGTA determined that eight (42 percent) of 19 PCAs that were approved and closed as fully implemented to address reported security weaknesses from prior TIGTA audits were only partially implemented. These PCAs involved systems with taxpayer data.” One example of a PCA that was underdeveloped was a routine scan of servers containing sensitive taxpayer information. This is the equivalent of never scanning your computer for viruses, since some viruses are coded specifically to steal identity related information. The report did provide, however, a few reasons for these malfunctions: IRS changing the scanning tool for its systems, which required additional time for organizational approval and the need to ensure that useable information was generated by those tools systems development constraints the need for the IRS to minimize the impact of system changes to its users So, what can the IRS do better? Strengthen its PCA oversight processes, train employees to better utilize the corrections system and ensure that closed PCAs have been closed because the task was successfully accomplished. And what are steps you can take to protect your persona data? It goes without saying that with so much of our information out there in cyberspace, constantly monitoring how our data might be used is no longer a luxury, but a necessity. John Naughton of The Guardian has a list of 10 crucial steps to take in the age of cyber data. Click here for the article. For more information or specific questions contact Michael J. Agetstein, CPA, PFS, Shareholder and Chair of the Tax Department.