3.2.1 IRS - Safeguarding Requirements

Chapter

Confidentiality and Safeguarding Information

Federal Authority

26 U. S. C. § 6103 Confidentiality and disclosure of returns and return information

26 U. S. C. §  7213 Unauthorized disclosure of information

45 CFR 303.21 Safeguarding and disclosure of confidential information

Confidentiality and Safeguarding Information

Subject

State Authority

IRS - Safeguarding Requirements

Wyoming Child Support Program Rules Chapter 13 Safeguarding and disclosure of confidential information

Policy Number

Effective Date

3.2.1

July 1, 2014

Overview

Information received from the Internal Revenue Service (IRS) is subject to strict safeguards and record keeping.  As a recipient of federal tax information (FTI), the Wyoming CSP  will take specific steps to safeguard and protect FTI.  The IRS audits the Wyoming CSP triennially for compliance with these safeguarding requirements.  For the penalties associated with the unauthorized disclosure or release of FTI, see 3.2.7 IRS – Unauthorized Disclosure of Information and  IRC - SEC Non-Disclosure Oath and Certification of Need to Know Form

Policy

Safeguard Information

The Wyoming CSP Program utilizes IRS information in order to locate non-custodial parents and alleged fathers to establish and enforce support obligations.  

FTI is any return or return information received from the IRS or secondary source, such as SSA, Federal Office of Child Support Enforcement or Bureau of Fiscal Service, as defined by the IRS in IRS Publication 1075 – Tax Information Security Guidelines for Federal, State, and Local Agencies (Appendix 3.A).  FTI contained in POSSE includes:

FTI may also include Personally Identifiable Information (PII). FTI may include the following PII elements: 

FTI does not include information provided directly by the taxpayer or third parties (third parties do not include the secondary sources identified in Section 1.4.1, Federal Tax Information). If the taxpayer or third party subsequently provides returns, return information, or other PII independently, the information is not FTI as long as the IRS source information is replaced with the newly provided information.  Therefore, any FTI or PII provided by the IRS, SSA, Federal Office of Child Support Enforcement or Bureau of Fiscal Service, shall be verified by another source, called “Third Party Verification”, prior to using the information to further the mission of the IV-D child support program

Safeguard Requirements

The IRS requires the Wyoming CSP Program safeguard FTI information in the following 4 ways:

1. Establish and maintain a standardized, permanent system of records for a disclosure request.

2. Establish and maintain a secure area or place to store FTI.

        i. Lock the computer  when not in use, and ensure that computer displays only the information relating to the customer during interviews.

        ii. Sign off terminals when leaving for the day. 

3. Restrict access to returns.

4. Provide any other safeguards as necessary.

Safeguard Reviews

Every three years, the IRS visits Wyoming to audit the Wyoming CSP.  During this audit, the IRS reviews Wyoming CSP policies and procedures and conducts site visits at the State CSP Office along with at least one District CSP Office and Clerk of District Court to ensure FTI is protected as discussed above.

In addition to the IRS audit, the State CSP Office is required to complete a random on-site audit of several locations annually.  These locations include the State CSP office, the State Disbursement Unit, the District CSP offices, the Clerks of District Court offices, the State Central Mail office, the Wyoming Department of Enterprise Technology Services  IT Operations locations, and the Wyoming Department of Enterprise Technology Services offices of programming staff with access to POSSE data.  For more information on the IRS safeguarding visit conducted by the State CSP Office, see 17.4 Audits – IRS Safeguarding Visit.

The IRS Internal Inspection – CSP Office Report is to be completed annually by every District CSP Office Manager.  The IRS Internal Inspection – CDC Office Report is to be completed annually by every Clerk of District Court or designee and the State Disbursement Unit (SDU) Manager. The Internal Inspections – IT Operations Report is to be completed annually by the appropriate Wyoming Enterprise Technology Services Managers. The IRS Internal Inspection – Headquarters Office Report is to be completed annually by the CSP State Staff.  In addition, each User or IT staff member with access to POSSE data will complete the IRS Internal Inspection – User Questionnaire annually.

Cross Reference

Appendix 3.A - IRS Publication 1075 – Tax Information Security Guidelines for Federal, State, and Local Agencies

Appendix 3.B – Contract for General Services

Appendix 3.C - Communications with Persons Represented by Counsel