IM-65 December 12, 2024; IM-82 September 27, 2023; IM-109 July 16, 2020
Upon discovering a possible improper inspection or disclosure of Federal Tax Information (FTI), including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information must notify, Family Support Division, Income Maintenance security officer in Central Office at FSD.IMPRIVACY@DSS.MO.GOV.
- Within 24 hours of the incident report, the Divisional Security Officer or his/her designee will contact the:
- IRS at: SafeguardReports@IRS.gov
- FSD-IM Privacy Officer
- The Security Officer or his/her designee will document the incident by preparing and submitting an incident report. The incident report will include the following information:
-
- Name of agency
- The Security Officer’s name or the name of his/her designee and contact information
- Date and time of incident
- Date and time the incident was discovered
- How the incident was discovered
- Description of the incident and the data involved, including specific data elements, if known
- Potential number of FTI records involved, if known, or if unknown, provide a range
- Where the incident occurred
- Any information technology involved (e.g., laptop, server, mainframe)
NOTE: The incident report will not include any FTI.
-
- The Security Officer will provide a copy of the incident report to the Divisional Privacy Officer. The Divisional Privacy Officer will:
- Complete an Information Disclosure Incident Report(Ref: )
- Send the report to the DSS Privacy Officer
- Promptly notify the affected individual(s) (or their next of kin, if deceased), when they determine a breach has occurred, by first class mail at their last known address, within sixty (60) days of the breach, as outlined in 45 CFR § 164.404; see also Admin. Policy 5-103.
- The Divisional Privacy and Security Officer or his/her designee will (in conjunction with the Department Privacy Officer):
- Track and document all physical and information system security incidents
- Conduct post–incident reviews to ensure the incident response procedures were followed
- Recommend additional training or procedural changes as needed
Penalties for Unauthorized Inspection or Disclosure of FTI
Unauthorized inspection of FTI shall be punishable upon conviction by a fine in any amount not exceeding $1,000, or imprisonment of not more than one year or both, together with the costs of prosecution.
- The unauthorized disclosure of FTI is a federal felony punishable by a fine of up to $5,000 or up to five years in prison, or both.
- Disclosure of FTI will render the disclosing party vulnerable to a civil suit for damages in the U.S. District Court.
NOTE: The civil and criminal penalties apply even if the unauthorized disclosures were made after the party’s employment with the agency terminated.