Requests by IRS and state departments of revenue for electronic accounting software records of taxpayers

Around 2010, the IRS instituted a policy to use electronic records of a taxpayer when examinations of returns are conducted by the Small Business/Self Employed Division. The policy is based on Secs. 6001 and 7602(a), Regs. Secs. 1.6001-1(a) and -1(e), Rev. Rul. 71-20, and Rev. Proc. 98-25.

Among concerns practitioners expressed about the policy were that, with some software records, the IRS would have access to records of accounts and tax periods not being examined, which could result in "fishing expeditions," and to records that did not relate to accounting information, such as customer lists.

In response to these concerns, the agency reviewed the policy and posted frequently asked questions and answers (FAQs) on its website (available at www.irs.gov about the procedures it would use. The IRS, in replying to the issue of sharing information for tax period(s) not covered in the initial examination period(s), announced that the company data file could be condensed through the cleanup or purge feature of the software accounting program for dates prior to the year(s) under audit, provided the process does not remove transactions created or changed for the periods being examined or transactions from prior years that had an effect on the years being examined.

Some software programs will condense old closed transactions that occurred prior to a manually selected date. During that process, a backup or archive copy of the data file is created that has the details of the old transactions. The backup file can be provided on a CD, DVD, or a flash/thumb drive. Email cannot be used to send the electronic records to or from the IRS, a taxpayer, or its representative. If the Service should examine other years, the archived information would have to be restored.

If the backup file has privileged information or information that is protected from disclosure by statute, the matter should be discussed with the examiner. The auditor may consult with the IRS Counsel for assistance if a taxpayer claims privilege or a law, such as the Health Insurance Portability and Accountability Act (HIPAA), prevents complying with a request for records.

On its website, the IRS addressed its access to customer and vendor lists, citing Sec. 6103, which prohibits the unauthorized disclosure of information obtained during an examination. Service employees are annually trained on protecting taxpayer information and are subject to discipline and criminal penalties for violating disclosure rules. These rules may be comforting to taxpayers and practitioners, but erroneous disclosures may sometimes occur.

In transferring the records to the IRS, a taxpayer can change the administrator's password to a temporary one. The backup file can then be created for submission to the Service, and then the password can be changed to the original one within the software. The administrator's password should not be given to the examiner.

The IRS has indicated it will issue a summons to the taxpayer's representative if the representative does not voluntarily submit the requested records, and it may also consider whether a violation of Circular 230, Regulations Governing Practice Before the Internal Revenue Service,has occurred. Section 10.20 of Circular 230 provides that a practitioner must, upon a proper and lawful request by a duly authorized employee of the IRS, promptly submit records in any matter before the agency, unless the practitioner believes in good faith and based on reasonable grounds that the records are privileged. When the examination is completed, the examiner should be asked to return the backup file, even though the IRS has a policy to dispose of it.

Through the process outlined in the FAQs, the entire files and administrator password are not given to the IRS, and practitioners have not violated the duty to protect client records from being unnecessarily disclosed. Email should never be used to give the files to the agency.

Some state departments of revenue may follow the IRS guidelines. If state returns are being examined or states suspect returns should have been filed, practitioners should discuss the state policies with the examiners and, if necessary, managers, if the examiners will not use the IRS guidelines.

Due to the increased instances of computer security violations, such as the 2017 Equifax breach that may have exposed the personal information of 145.5 million people, many are concerned that electronic records given to the IRS and state revenue departments may be illegally hacked. The responsible agencies have striven to prevent such illegal access to taxpayer records, but hackers could possibly overcome these barriers.