Report Finds Private Collectors Protecting Taxpayer Privacy

Charges that the private collectors serving the IRS could not adequately protect taxpayer privacy were shot down last week by a report from a U.S. Treasury Department auditor.

The Treasury Inspector General for Tax Administration (TIGTA) gave a positive review to the privacy precautions exercised by firms participating in the IRS Private Debt Collection Program. The report refutes claims by NTEU, the union representing IRS employees, and National Taxpayer Advocate Nina Olson, an IRS employee.

“Our review found that taxpayer data provided to the private collection agencies (PCAs) under these contracts were adequately protected during transmission from the IRS and while stored on PCA computer systems,” according to TIGTA, an independent, non-partisan organization with oversight of the IRS.

“In addition, workstations used by contractor collection personnel were adequately controlled to prevent unauthorized copying of taxpayer information to removable media or transfer via e-mail. The contractors also maintained adequate audit trails and performed periodic reviews, including reviews to identify unauthorized access to taxpayer data.”

TIGTA concluded that the private firms implemented best practices that should be considered by current and future private collection agencies.

“TIGTA is never positive about anything, not even in ‘all clear’ reports, so this is very positive, so this is very good,” said Rick Castellano, spokesman for the Tax Fairness Coalition, a group representing the private collection agencies working on the IRS Private Debt Collection Program. Currently CBE Group and Pioneer Credit Recovery are working for the IRS on the program.

Castellano suggested that now that the report is out, there could be closer scrutiny of the IRS’ internal practices regarding taxpayer privacy. A TIGTA report from March 20 found problems with the tax agency’s security programs protecting millions of taxpayer files in IRS databases, said Castellano. 

The security programs contain "weaknesses that put the security and privacy of taxpayer information at risk,” according to TIGTA. The report found that laptops were not properly encrypted, records were misplaced and lost at 50 IRS facilities, security weaknesses were not validated or addressed, compliance testing was inadequate and security incidents were not properly reviewed and analyzed.