Department of Government Efficiency (DOGE) affiliates are reportedly accelerating their attempts to seek unprecedented disclosure of confidential tax information by asking IRS officials to approve extraordinarily broad sharing of taxpayers’ data across federal agencies.
Responsible data sharing can be properly used to reduce fraud and improve program administration. But that goal can–and must–be achieved while following the laws on the books. Congress has carefully crafted a detailed statute that balances the benefits of responsible data sharing to limit fraud against the risks of intentional or unintentional disclosure of taxpayers’ highly sensitive personal information. If DOGE and the Trump Administration want to change the set of currently permissible uses and methods for sharing data, they need Congress to change the law.
The scope of data sharing access DOGE is reportedly seeking could violate laws intended to protect taxpayer data and rights from abuse and inadvertent data breach. These laws, which have been enacted with broad bipartisan support, make unlawful disclosure or inspection of confidential taxpayer information a crime punishable by incarceration and fines, and allow any affected taxpayer to bring civil litigation seeking money damages beginning at $1,000 per violation.
All agencies receiving confidential taxpayer data from the IRS must also by law adhere to the IRS’s strict data security guidelines. For example, agencies must set up a secure data transfer system to receive encrypted transmissions of taxpayer information from the IRS. Agencies are required to provide evidence that adequate safeguarding protections and controls are in place before the IRS will share protected tax information, and must submit their safeguarding plan for IRS approval at least 90 days before they plan to receive information. Agencies also must comply with periodic on-site reviews by IRS disclosure enforcement specialists and cybersecurity reviewers to make sure the taxpayer data is being held securely and not being accessed by anyone other than those with core responsibilities requiring access. And each agency receiving tax data has a detailed data sharing agreement with the IRS to make sure that taxpayer privacy protections are adhered to.
It is unknown whether DOGE affiliates are following these protocols if and when they access systems with protected tax data at other agencies–and the risks of improper access or use of taxpayer data would only grow if DOGE were granted far broader access to IRS data than under existing protocols intended to ensure that laws protecting taxpayer data are followed.
Add new comment