The Internal Revenue Service let some contract employees see taxpayers’ private information without ever sending the workers through a required background check, the agency’s internal auditor reported Thursday.
In one instance, the IRS gave a contract printer a computer disk containing 1.4 million taxpayer names, addresses and Social Security numbers, though none of the contract employees had the background investigation required to handle that type of information.
Similar problems were found with IRS contracts for couriers, document recovery specialists and sign language interpreters.
Investigators also found 20 IRS contracts where personnel didn’t sign nondisclosure agreements.
“Allowing contractor employees access to taxpayer data without appropriate background investigations exposes taxpayers to increased risk of fraud and identity theft,” said J. Russell George, the Treasury inspector general for tax administration who led the investigation.
The IRS is already under fire for targeting tea party groups for extra scrutiny of their applications for tax-exempt status, and for lax controls on how the agency handled private data.
In one case, the IRS paid a settlement to the National Organization for Marriage after the group accused the agency of releasing private information to its political foes. The information later was used to attack 2012 Republican presidential candidate Mitt Romney.
The IRS said it has updated its guidance to make sure contractors sign nondisclosure forms.
“We take our responsibility to protect taxpayer information and other sensitive data very seriously, and we expect the same from our contractors,” the agency said in a statement. “The IRS is committed to ensuring that background investigations are conducted for contractor personnel who have access to Sensitive but Unclassified (SBU) information. We have taken additional steps to ensure all necessary security provisions are in place to safeguard sensitive information.”
The IRS also promised to update its training to make sure contractors know they are required to sign nondisclosure agreements.
The IRS said the printing contract the auditors highlighted was run by the Government Printing Office, not the IRS, but acknowledged that the tax agency needed to do more to make sure other government agencies recognize the special circumstances for the IRS.
But the IRS rejected one of the recommendations that told the agency to demand that expert witnesses also go through background checks.
“These witnesses do not obtain staff-like access to IRS facilities and systems,” the agency said, adding that those witnesses do sign nondisclosure agreements and are subject to stiff penalties if they reveal private taxpayer information.
The inspector general’s report didn’t sit well with members of Congress, who said the IRS needs to follow all privacy rules given the agency’s expanded role in implementing President Obama’s health care law.
“Americans deserve to have their personal information treated securely and with discretion, and the IRS should follow the policies that are there to protect taxpayers from fraud and identity theft,” said Rep. Diane Black, Tennessee Republican.