November 3, 2015

IRS Fails Records Management Transparency Test

2 minute read

An article from The Daily Signal reports that the #IRS improperly withheld information under the Freedom of Information Act (FOIA). The Treasury Inspector General for Tax Administration (TIGTA), the IRS' auditor, reviewed 65 FOIA requests and found that eight of these for which the IRS improperly withheld information.

TIGTA also found that the IRS did not release 7.3 percent of the Internal Revenue Code information requests reviewed, which should have been open to those who requested it. Additionally, and even more concerning is that sensitive taxpayer information was accidentally exposed in 13 (about 21% of the cases reviewed) FOIA requests. (Click to Tweet this!)

This audit is rather shocking considering the IRS deals with an incredible amount of sensitive data and one would assume would have very strict protocols in place to ensure accidental exposure does not occur. Unfortunately, this issue is not unique to the IRS or even the U.S. Government. Private sector businesses have been the center of attention regarding improper #governance of data. Whether from a hack or the failure to properly scrub sensitive data before releasing, it seems to be a dangerous time for everyone's information and identity.

The most important thing to consider is the most effective way to prevent these types of issues is a proper information governance (#infogov) strategy. If your organization has a clear lifecycle for your records and where they should be at all phases until disposition, it is very unlikely a mistake of this caliber could happen. Especially in the case of a private sector business, knowing where your customers' information is can arguably be more important than even governing the company's own records. Your customers are trusting you with their identity and there is an implicit agreement that the business will treat that information with the utmost of care.

Another important factor here is the sheer amount of records the IRS deals with. As the number of records increase, not only does the possibility of a mistake increase, the impact of that mistake jumps exponentially. In the IRS example above, they reviewed only a sample of 65 requests and yet still found that 21% of those FOIA requests had improper sensitive data. It's not hard to see how much information could potentially be exposed if that were extrapolated out to all the requests they received throughout the year.

The takeaway lesson from this audit is that with a clear understanding of where all of your records are located and how they are being governed, any organization can avoid exposing themselves and their clients information.

Receive News Updates As Soon As They Happen