Chapter | Federal Authority |
Confidentiality and Safeguarding Information | 26 U.S.C § 6103 Confidentiality and disclosure of returns and return information 26 U.S.C. § 7213 Unauthorized disclosure of information 45 CFR 303.21 Safeguarding and disclosure of confidential information |
Subject | State Authority |
IRS – Unauthorized Disclosure | Wyoming Child Support Enforcement Rules Chapter 13 Safeguarding and Disclosure of Confidential Information |
Policy Number | Effective Date |
3.2.7 | July 1, 2014 |
Overview
The Wyoming CSE Program receives federal tax information (FTI) from the Internal Revenue Service (IRS) to locate alleged fathers and non-custodial parents and establish and enforce child and medical support obligations. Access to the FTI comes with rights and obligations to manage, secure, protect and control the FTI. Any unauthorized disclosure or improper inspection of FTI will be reported and may invoke federal civil and/or criminal penalties for such disclosures.
Terms and Definitions
For Wyoming Child Support purposes, FTI includes the following information received by the POSSE from the IRS.“Return” is defined under 26 USC § 6103(b)(1) as any tax or information return, declaration of
estimated tax, or claim for refund required by, or provided or permitted under title 26 and filed
with the IRS by or on the behalf of any person. This includes amendments, schedules,
attachments, or lists that are supplemental to or part of the filed return.
“Return Information” is defined under 26 USC § 6103(b)(2) as the taxpayer’s identity, the
nature, source or amount of his income, payments, receipts, deductions, exemptions, credits,
tax liability, tax withheld, deficiencies, over-assessments, payments, etc… whether the return
was, is being, or will be examined, or any other data received by, recorded by, prepared by,
furnished to or collected by the IRS with respect to a return. This includes any information
regarding the determination of the existence or possible existence of a liability for tax, penalty,
interest, fine, forfeiture, other imposition or offense.
- The person’s name, mailing address, SSN, and refund amount received from the IRS
- Any report or compilation including the above information is also considered FTI.
Agency Director | Responsible for information security in the agency, for reducing risk exposure, and for ensuring the agency’s activities do not introduce undue risk to the enterprise. The director also is responsible for ensuring compliance with state enterprise security policies, standards, and security initiatives, and with state and federal regulations. |
IV-D Director | Responsible for information security in the IV-D program, for reducing risk exposure, and for ensuring the agency’s activities do not introduce undue risk to the enterprise. The IV-D Director also is responsible for ensuring compliance with state enterprise security policies, standards, and security initiatives, and with state and federal regulations. |
IV-D Program Manager | Responsible for information security in the IV-D program, for reducing risk exposure, and for ensuring the agency’s activities do not introduce undue risk to the enterprise. The IV-D Program Manager also is responsible for ensuring compliance with state enterprise security policies, standards, and security initiatives, and with state and federal regulations |
IRS/FPLS Security Liaison | Responsible for communicating with IV-D Director and Program Manager and coordinating agency actions with the CSE district manager, Clerk of District Court, the SDU manager or ETS Supervisor in response to an information security incident |
Information Owner | Responsible for creating initial information classification, approving decisions regarding controls and access privileges, performing periodic reclassification, and ensuring regular reviews for value and updates to manage changes to risk. For Wyoming this is the Wyoming Child Support Enforcement Program – POSSE. |
User | Responsible for complying with the provisions of policies, procedures and practices. Users include but are not limited to the following:
|
Policy
- Accessing data which the individual has no need to access.
- EXAMPLE: Reading the files of friends, neighbors, acquaintances or relatives.
- Enabling unauthorized individuals to access data.
- EXAMPLES: Authorized user allows a non-authorized person to access POSSE; printouts (verification letters, IRS reports, etc.) containing confidential data are left unprotected and unattended in open areas where they could be compromised; or file cabinet containing confidential information is left unlocked after hours, thereby compromising its contents.
- Revealing information to a person, business or organization that has no authority to receive the information.
- EXAMPLE: Sally from XYZ law office has a relative who works in a District CSE Office. She calls that relative at work to ask for information on a client. The child support case worker gives her the information.
- Unauthorized use of information for commercial gain or malicious purposes.
- EXAMPLE: Data copied for personal use.
- Inappropriately modifying or destroying data.
- EXAMPLE: Changing or deleting payment or person information so that it either profits or harms one or both parties on the case.
- Loss of documents and case files containing FTI will in transit
- EXAMPLE: A case file is sent, via USPS, Fed EX, United Parcel Service, or any other means of transport, from one CSE office to another CSE office, instate or intergovernmental and the case file does not reach it’s intended destination.
- Disclosure of Return Information – Felony with a fine not to exceed $5,000 or 5 years in prison or both.
- Unauthorized Inspection of Return Information – Fine not to exceed $1,000 or 1 year in prison or both.
- Under certain circumstances, the taxpayer may bring a civil action based upon the disclosure or unauthorized inspection of return information. The civil penalties will be the greater of $1,000 per unauthorized act or the sum of actual damages along with the costs of the action.
Cross Reference
Version Number | Last Revised Date |
3 | July 1, 2014 |