taxpayer data security

IRS told to better protect taxpayer identities

A new law, signed into law by President Donald Trump July 1, will put into play a number tools to help the IRS shore up online authentication and prevent tax-related identity theft.

The Taxpayer First Act would create a new Identity Protection Personal Identification Number that could eventually replace Social Security numbers. For years, officials at IRS and Treasury have complained that Social Security numbers no longer serve as viable markers to authenticate a taxpayer's identity.

The new identity PINs will not immediately supplant Social Security numbers, as they would only be issued to taxpayers who request one, and the department won't have to make them available to every American until 2024. The new law also creates a single point of contact at the IRS for victims of tax-related identity theft.

The government is largely moving away from such "knowledge-based" verification practices. A Government Accountability Office report released in June found that large-scale data breaches like the 2017 Equifax hack have made Social Security numbers and other signifiers so prevalent on the black market that they are essentially useless for authentication.

The agency was also given authority to create an Information Sharing and Analysis Center that would be focused on curbing identity theft and return fraud. The center would be permitted to share return information with specific members in certain instances for cybersecurity purposes and to prevent identity theft. However, the law intends for such information to be closely guarded, and cabinet officials must conduct on-site reviews every three years or at the mid-contract point for every contractor at their agency that would have access to such information to ensure they're complying with necessary security requirements.

Adequate funding remains a concern after a decade of budget cuts have hollowed out IRS' personnel and enforcement capabilities. The Professional Managers Association, a national membership association representing non-bargaining unit federal employees, praised the law's provisions on IT modernization but warned it could all be for naught if "a lack of adequate funds and ongoing continuing resolutions prevent the hiring and training of well qualified personnel to carry out the agency's mission."

"While we thank lawmakers for their dedication to IRS reform and modernization, we hope they will acknowledge funding disparities which may prevent this important mission from being carried out effectively," the organization said in a statement reacting to the new law.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.