IRS Data Security Still a Concern 54
Lucas123 writes "Computerworld has a story about the possibility and the potential ramifications of an IRS data loss similar to the UK's recent mishap. According to one World Bank executive, it could have already happened, 'and we don't know about it.' While the IRS does offer data encryption to its workers, more than half of its 94,000 employees have permission to take taxpayer information to locations outside the IRS offices. In the 2007 filing season, roughly 128 million individual tax returns were filed. In addition to the basic personal information on those forms, an IRS breach could also jeopardize the banking information of the 46% of filers who requested direct deposit refunds. This is not the first time that IRS security has been called into question, and the Department of Treasury's progress in that arena is dubious. [PDF]"
Why take data out of office? (Score:5, Insightful)
It seems to me that most of the data breaches from large corporations and government come from just this - employees taking data files out of the office and losing them. Why of why don't employers simply insist that data stays on the premises? Surely keeping data in a secure physical location is the first step to safeguarding it.
Re:Ron Paul... (Score:5, Insightful)
Re:Why take data out of office? (Score:5, Insightful)
Traveling laptop your #5 problem ... (Score:5, Insightful)
I hope your board members recognized the four more important problems as well. Your top five problems:
(1) Management allowed (2), (3), (4), and (5).
(2) The accountant allowed (3) and (5).
(3) You have one and only one system capable of running a critical application.
(4) This critical application is not being run on enterprise grade hardware.
(5) The accountant wanted to take the system on holiday.
If your board only addressed the laptop/holiday add:
(0) Board allowed (1), (2), (3), (4), or (5) as appropriate.
Direct deposit (Score:1, Insightful)
The devil is in the e-file (Score:4, Insightful)
And of course any subpoena, court order, or National Security Letter presented to Intuit has full access to all your data, including aggregation (database "join" on SSN, phone, address, etc.) with various data brokers who market their services aggressively to Department of Homeland Security, etc. With the IRS itself you have some protection; with the e-file cabal you nave none.
What happens? (Score:3, Insightful)
Banking Data? - Already on Checks (Score:3, Insightful)
From TFA "That translates to a lot of personal and banking details maintained by the IRS." - Those banking details are the same ones you hand out every time you write a check.
The information included on the return for direct deposit is 'exactly' the same information printed on the front of a check in human readable format.
If ANY of those households paid with a check to any retail establishment (where the clerk probably makes less than $10.00 an hour) then they have already released this information themselves.
I understand data security and the problems of taking confidential data out of the workplace, but the banking details portion of this story needs to be taken with several grains of salt.
Just because you have a banks routing number and a checking account number, this does not mean you can turn that into cash at an ATM.
Ask any 5 IRS employees... (Score:4, Insightful)
A question and you are likely to get 10 different answers that may or may not be correct.
How the IRS is allowed to operate the way it does is beyond me. How the tax laws are allowed to remain so confusing and frustrating is beyond me. But, obviously it is not cost effective to those that matter to fix it.
If the tax laws were cleaned up, then maybe IRS employees might be able to handle many more individuals per specialist. If the tax laws were cleaned up, then maybe the IRS would be able to do all of its work at work. Just maybe.
InnerWeb
Re:Ron Paul... (Score:5, Insightful)
Re:Ron Paul... (Score:4, Insightful)
Really? I'm pretty sure you've never looked at a tax form before.
The problem is that the IRS was created to solve a problem (social security) which will be a moot pint in 50 odd years unless something else is done.