Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Security

Security

IRS Does Not Properly Dispose of Taxpayer Records

Piles of sensitive documents found in dumpsters

By Lucian Constantin, Web News Editor

27th of May 2009, 08:33 GMT

Adjust text size:


IRS fails to destroy records before disposing of them
Enlarge picture
Workers from the Treasury Inspector General for Tax Administration (TIGTA) went trash-hunting at IRS offices from several cities in order to perform an audit of the agency's waste-disposal processes. They conclude in their report (PDF) that the Internal Revenue Service fails to properly protect taxpayer information stored on paper from accidental disclosure and dissemination.

One of IRS's pieces of advice to more than 130 million taxpayers it collects information from is to use paper shredders and other methods of destroying sensitive documents before disposal. This is to prevent possible identity theft and misuse of Personal Identifiable Information (PII). However, like in a classic example of the preacher not practicing what they preach, the IRS fails to follow up its own recommendation.

"At every location we visited, we found documents containing PII or other Sensitive But Unclassified (SBU) information in regular waste containers and/or dumpsters," the TIGTA report mentions. "During onsite visits to 15 IRS locations, and in questionnaires provided to 14 Territory Managers, we attempted to determine who was responsible for the oversight and monitoring of the collection and disposal of SBU waste. Answers varied from site to site and, in some instances, we received contradictory answers from Territory Managers and onsite personnel," it also adds.

The audit was performed between September 2007 and May 2008 and, at the time, it was established that in only two cases did the IRS personnel visit the facilities of companies contracted by the agency to handle the waste shredding or burning processes. Furthermore, many of the interviewed Territory Managers were not even able to name these companies, which in turn maintained that they never received an official inspection request from the IRS. One of the facilities even changed its physical location without notifying the agency.

Additionally, the auditors also conclude that performing background checks of the contractor's employees has almost never been performed, even though it is vital for protecting the privacy of taxpayers. "We found no documentation to show that any review of the background investigation files was performed by IRS officials. One contracted shred facility informed us that the IRS had not asked about or checked on the background investigations of their employees in 6 or 7 years, and another stated that the IRS had never done such a check," they write in their report.

As a result of the audit, the Treasury Inspector General for Tax Administration made a number of five recommendations to the IRS management, which agreed with all of them and has since taken important steps to address the deficiencies of the SBU waste-disposal process.

However, this is not the first time that the IRS is put under the microscope and bad security practices are uncovered. Back in September 2008, TIGTA released a report according to which it found 2,093 internal vulnerable web servers on the IRS network, while 1,811 of them were not even authorized. At the beginning of this year, the Government Accountability Office (GAO) reported that the IRS resolved only 49 out of the 115 problems identified during a November 2008 audit regarding the security policies enforced on its network.

TAGS:

 Internal Revenue Service | waste disposal | taxpayer records | identity theft | Treasury Inspector General for Tax Administration
Read by 788 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
NOT RATED 0 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


PCI-DSS Non-Compliant Payment Processor Wins IRS Contract

The IRS Network Is Vulnerable

The U.S. Consulate in Israel Auctions Government Files

The IRS Network Puts Tax Payers at Risk

Phishing Attack Uses IRS as a Front

User opinions:


Comment #1 by: Paper Shredders on 28 May 2009, 10:27 GMT reply to this comment

Here here! Identity theft has been on the increase making it more important to destroy those sensitive documents. Our office supplies & stationery store sells the Fellows range and in our opinion they are far superior to the alternatives.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive