from The Privacy Times
The Treasury Inspector General for Tax Administration has criticized the Internal Revenue Service for not notifying taxpayers in a timely fashion – or at all – when their personal information was inadvertently exposed.
Letters were sent out to victims 86 days after the fact in 20 percent of the breaches, among a sample of 100 incidents between July 2010 and February 2011. The inspector general considers 45 days to be an acceptable lag time. Under draft cybersecurity legislation the White House proposed this spring, companies would have to inform consumers whose personal information has been disclosed within 60 days.
In five percent of the IRS leaks evaluated, the agency could not alert taxpayers because agency employees failed to document the identities of the people whose information had been disclosed. Ten percent of the time, IRS officials did not inform affected individuals because the agency’s definition of sensitive personal information did not cover the type of tax account information that was compromised.
Officials never told another 21 percent of the victims because the personal data was unintentionally given to state agencies, law firms, payroll processors or people with power of attorney that the IRS believed would not pose a threat.
“Another person’s Social Security Number is the most valuable tool an identity thief can obtain to commit financial fraud, and the Social Security Number becomes even more valuable if it is linked to other personal data of the Social Security Number owner, such as information required to prepare a tax return,” noted Michael R. Phillips, deputy IG for audit.
He recommended that the IRS adhere to “timeliness” metrics, and the IRS agreed.