At the time the committee’s interim report was prepared (October 1994), the privacy advocate had just been named and was in the process of leaving the Office of Management and Budget and joining the IRS. The committee indicated that the Privacy Advocate Office (PAO) would be crucial in developing appropriate agency policy and seeing to its implementation. The privacy advocate has now been in place for about 1 year and is a bright spot in the TSM effort.
The PAO was created with a staff complement of 12, comprising 11 professionals (including the privacy advocate) and 1 secretary. Until approximately the end of April 1995, the office operated with a staff of 5 as the selection process continued; as of December 1995, it is fully staffed. In spite of operating at less than full strength during the committee’s review cycle, the office has functioned with commendable success in preparing a comprehensive and rational plan for introducing privacy constraints into the IRS information systems development plans and into the IRS’s process of information management policy formulation. The PAO is clearly a key to the IRS taking a leadership role in the protection of citizens’ privacy, and it is encouraging that so much progress has been made in a relatively short time.
Despite its overall positive assessment of the PAO’s activities and mission, the committee has some concerns as to whether that office will have pervasive impacts in the highly decentralized IRS. If the office is little more than a “headquarters shop,” or if its guidance or other outputs are not acted upon, the privacy mission is in jeopardy. There appears to be appreciation by IRS senior management of the importance of the PAO’s role in guiding the IRS’s programs to protect the privacy of information. Continued commitment and support of management, both in Washington, D.C., and in the field, will be necessary for the PAO to accomplish its mission on behalf of the IRS and all taxpayers.
It is extremely important for all IRS employees to understand the value of maintaining taxpayer privacy in order to allow the IRS to fulfill its modernization objectives. In fact, the federal Privacy Act of 19741 and specific statutes in the Internal Revenue Code require that all IRS employees safeguard the privacy of all citizens. However, such laws and policies will do little if the front-line workers do not take these principles to heart. To that end, the IRS has developed a very good training video regarding the importance of taxpayer privacy protection, and the Commissioner in frequent messages to IRS personnel has emphasized “zero tolerance” for improper access to taxpayer files. Additionally, informational privacy is often a topic in agency bulletins for management personnel. Continued training in and reinforcement of privacy values for all IRS staff are necessary to ensure that respect for the confidentiality of taxpayer information becomes part of every employee’s job consciousness.
Monitoring employee access to taxpayer information is also necessary to deter and identify violations of access protocol. The agency is currently developing a program designed to identify browsing. Based on employee work profiles, the program would identify patterns suggesting improper file access. The program is currently in place at all service centers, and the IRS is encouraged to continue its efforts to develop improved scenarios to detect browsing.