IRS data security tops list of IRS concerns for 2020, TIGTA says

By Sally P. Schreiber, J.D.

Security of taxpayer data and protection of IRS resources is the No. 1 challenge facing the IRS in 2020, according to the Treasury Inspector General for Tax Administration (TIGTA). In a memorandum to Treasury Secretary Steven Mnuchin dated Oct. 15 (available at, TIGTA reported on the 10 "most serious management and performance challenges" facing the IRS for fiscal year 2020. Other challenges include implementing tax law changes and modernizing IRS operations.

TIGTA noted that this year's priorities are similar to last year's, but last year's challenge of "identity theft and impersonation fraud" has been changed to "addressing emerging threats to tax administration" to encompass more issues that affect the IRS and taxpayers.

Taxpayer data security

The top concern for the current fiscal year is "security over taxpayer data and protection of IRS resources." TIGTA explained that, to serve the public, the IRS has developed internet-accessible, public-facing applications that interact with taxpayers for various administrative purposes. Because these applications collect, process, and store large amounts of personally identifiable information and tax data, which is considered extremely valuable, the IRS is a target of criminals and identity thieves. TIGTA expects the IRS to ensure that its applications are secure against threats on the internet.

TIGTA pointed to two recent data breaches that exposed taxpayer data and required IRS systems to be taken offline, which inconvenienced taxpayers. Those breaches were to the IRS eAuthentication web portal and the IRS Data Retrieval Tool within the U.S. Department of Education Free Application for Federal Student Aid website. Without these resources, taxpayers were unable to timely file annual tax returns, and, in the case of the student financial aid application, the spring college enrollment process nationwide was negatively affected.

In its report, TIGTA said it works with the IRS continually to identify, investigate, and combat threats to the IRS's cyberinfrastructure, especially focusing on how the IRS ensures that only authorized taxpayers can access their information on public-facing applications. Strong electronic authentication controls are needed to prevent identity thieves from succeeding at impersonating taxpayers and gaining improper access to tax records.

Although the IRS has made progress, TIGTA noted that its 52 "public-facing applications" had not yet met the National Institute of Standards and Technology guidelines issued in June 2017, even though the Office of Management and Budget (OMB) had mandated compliance within one year of their issuance.

Other challenges

The nine other challenges discussed in the memo include, in order of priority: (1) implementing tax law changes; (2) addressing emerging threats to tax administration; (3) supporting an improved taxpayer experience; (4) modernizing IRS operations; (5) improving tax reporting and payment compliance; (6) reducing fraudulent claims and improper payments; (7) the impact of global economies; (8) protecting taxpayer rights; and (9) achieving operational efficiencies.

In discussing the challenge of implementing tax law changes, TIGTA mentioned the requirements of the Taxpayer First Act, P.L. 116-25, which mandates that the IRS propose an organizational redesign, and the continuing challenges of implementing the law known as the Tax Cuts and Jobs Act, P.L. 115-97, which necessitated the creation of 48 new tax products, as well as the new laws for due diligence for returns claiming certain tax credits.

"Addressing emerging threats to tax administration" encompasses identity theft and other issues. These include a constantly evolving array of fraudulent activities, including a popular scam where thieves call unsuspecting taxpayers pretending to be from the IRS. TIGTA identified 2.5 million intended victims of phone calls from criminals impersonating IRS or Treasury personnel, of which 15,700 have fallen for the scams and paid approximately $79 million to the thieves.

Under the challenge of supporting an improved taxpayer experience, TIGTA noted that the IRS has failed to open up taxpayer assistance centers in areas TIGTA had identified as high need and that the IRS's telephone performance measures do not reflect overall call demand or performance for IRS telephone assistance.

In discussing the challenge of modernizing IRS operations, TIGTA noted in April 2019 the IRS issued its Integrated Modernization Business Plan, which is a six-year road map to improve the taxpayer experience by modernizing core tax administration systems, IRS operations, and cybersecurity. However, TIGTA says, the IRS relies on out-of-date computer systems and does not have enough input from the business operations in setting information technology budgets and priorities.

Regarding improving tax reporting and payment compliance, TIGTA criticized the performance of the private tax collection program and recommended areas for improvement. It also noted that self-employment income in the growing "gig" economy was underreported and discussed its recent report on the alimony tax gaps.

In the area of reducing fraudulent claims and improper payments, TIGTA noted that it believes that the IRS is significantly understating its estimate of improper payments associated with refundable tax credits in its reports to OMB and Congress. The IRS estimates that nearly 33% ($8.7 billion) of the additional child tax credit payments made during tax year 2009 through 2011 were likely improper and that over 31% ($5.3 billion) of American opportunity tax credit payments made during 2012 were likely improper.

Discussing the impact of global economies, TIGTA mentioned the challenges of information reporting agreements with foreign jurisdictions and the low compliance rate on reporting and paying the Sec. 965 transition tax.

In the area of protecting taxpayer rights, TIGTA noted that the IRS devotes significant resources and ­attention to complying with the taxpayer rights provisions of the IRS Restructuring and Reform Act of 1998, P.L. 105-26, but TIGTA also identified ­various procedural deficiencies in how the IRS handles taxpayer cases.

Finally, TIGTA reported that the IRS does not always efficiently manage or implement its software systems to ­ensure operational efficiency. It noted that, for example, the IRS's pilot transition from Oracle to Linux took 22 months to complete because no initial project plan was developed and no technical analysis was performed upfront, and only 8 of 141 applications were ­successfully migrated.

Tax Insider Articles


Business meal deductions after the TCJA

This article discusses the history of the deduction of business meal expenses and the new rules under the TCJA and the regulations and provides a framework for documenting and substantiating the deduction.


Quirks spurred by COVID-19 tax relief

This article discusses some procedural and administrative quirks that have emerged with the new tax legislative, regulatory, and procedural guidance related to COVID-19.