IRS Private Debt Collectors Demonstrate Lax Security

Posted on August 20, 2018

In 2015, Congress revived the IRS’ Private Debt Collection Program. Under this program, older uncollectible taxpayer accounts are assigned to private debt collection agencies. This program had been tried twice before without success because the program cost more money than it brought in and because taxpayers reported being harassed by the collection agencies. Under the current program, four private debt collection agencies were approved as contractors and, as such, now have access to sensitive taxpayer data. Under a recent report from the Treasury Inspector General for Tax Administration (TIGTA), there are vulnerabilities in the security exercised by the debt collection agencies and, to some degree, all of the debt collection agencies were unable to adhere to the terms of the law that requires them to secure taxpayer data. Problems discovered by TIGTA included the lack of a secure mail processing area for payments, failure to secure misdirected payments and failure to back up video footage. Further, the IRS itself did not enforce its own contractor security controls for cell phone use related to IRS data nor did it encrypt data before sending taxpayer information to the collection agencies. Of the eight recommendations made by TIGTA to better secure taxpayer data, the IRS agreed to six of these recommendations. IRS Trouble Solvers has been and continues to be against the use of private debt collectors that have access to sensitive taxpayer information and collect tax debts on behalf of the IRS. What do you think?