The agency has conducted privacy impact assessments (PIAs) on less than half of its computer system and does not adequately monitor its own application of privacy laws, according to the report from the Treasury IG For Tax Administration.
“We attribute the missing PIAs to the lack of emphasis on privacy issues, and the decision to not require that all systems be certified and accredited,” the report states.
Thus, taxpayers’ identities are at a higher risk of being stolen and used unlawfully, the report found.
The IG recommended that IRS officials build a searchable database of PIAs with quarterly verifications on their accuracy and reinforce the importance of PIA case documentation.
The IG report recommended that officials review employee privacy training and assess whether IRS business units meet regulations.
Despite failures, the IRS’ Office of Privacy and Information Protection enhanced its privacy program in the past two years, according to the IG. Officials chaired a working group to review the issues and created an online privacy-training segment on its Web site.
The privacy office director is responsible for administering the privacy program. Its mission is to ensure that policies and programs incorporate taxpayer and employee privacy requirements and that sensitive information remains protected, secure and private.
Related Stories
- Spires to focus on IRS modernization (FCW.com, Sept. 28, 2006)
- Critics of proposed IRS rule raise privacy concerns (Federal Computer Week, April 17, 2006)
- Inspector general's report on privacy
Autor(en)/Author(s): Matthew Weigelt
Quelle/Source: Federal Computer Week, 04.10.2006