The Internal Revenue Service needs to improve the security of a Web portal used by tax preparers to electronically file tax returns and submit and retrieve other tax-related information, according to a new report.
The
The report also found that the IRS does not consistently follow its own procedures for approving e-file applicants who have failed criminal background checks. The IRS also does not require complex user passwords because it wants to make the portal user-friendly and accommodate tax preparation firms, the report found.
Taxpayers entrust the IRS with their sensitive financial and personal data and expect the IRS to protect these data from unauthorized disclosure, said TIGTA Inspector General J. Russell George in a statement. It is imperative that the IRS take appropriate measures to minimize the risk of misuse of or unauthorized access to taxpayers' personal tax data.
TIGTA recommended that the IRS conduct a suitability check on delegated users who e-file tax returns, specify that the IRS Criminal Investigation Division has the final authority on whether to allow an e-file applicant with a criminal record, and require stronger passwords.
In response to the report, the IRS agreed to conduct suitability checks on delegated users, create an executive review board to assess whether to deviate from the IRS Criminal Investigation Division's decisions, and to require more complex passwords.
However, the IRS did not agree that the Criminal Investigation Division recommendation on e-file applicants who fail criminal background checks should be the final determining factor in the suitability process. We believe consideration of other factors beyond the applicants criminal history, such as the nature of the offense involved and the length of time since the offense occurred, results in better and fairer e-file applicant suitability decisions, wrote Richard Byrd Jr., commissioner of the IRSs Wage and Investment Division.