Upon discovering a possible improper inspection or disclosure of Federal Tax Information (FTI), including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information must notify Shanon Holmes, Family Support Division, Income Maintenance security officer in Central Office at Shanon.L.Holmes@dss.mo.gov.
- Within 24 hours of the incident report, the Divisional Security Officer or his/her designee will contact the:
- Local Treasury Inspector General for Tax Administration Field Division Office
- IRS at: SafeguardReports@IRS.gov
- FSD-IM Privacy Officer
- The Security Officer or his/her designee will document the incident by preparing and submitting an incident report. The incident report will include the following information:
- Name of agency
- The Security Officer’s name or the name of his/her designee and contact information
- Date and time of incident
- Date and time the incident was discovered
- How the incident was discovered
- Description of the incident and the data involved, including specific data elements, if known
- Potential number of FTI records involved, if known, or if unknown, provide a range
- Where the incident occurred
- Any information technology involved (e.g., laptop, server, mainframe)
NOTE: The incident report will not include any FTI.
- The Security Officer will provide a copy of the incident report to the Privacy Officer. The Privacy Officer will:
- Complete an Information Disclosure Incident Report (Ref: )
- Send the report to the DSS Privacy Officer
- The Security Officer or his/her designee will:
- Track and document all physical and information system security incidents
- Conduct post–incident reviews to ensure the incident response procedures were followed
- Recommend additional training or procedural changes as needed
Penalties for Unauthorized Inspection or Disclosure of FTI
Unauthorized inspection of FTI shall be punishable upon conviction by a fine in any amount not exceeding $1,000, or imprisonment of not more than one year or both, together with the costs of prosecution.
- The unauthorized disclosure of FTI is a federal felony punishable by a fine of up to $5,000 or up to five years in prison, or both.
- Disclosure of FTI will render the disclosing party vulnerable to a civil suit for damages in the U.S. District Court.
NOTE: The civil and criminal penalties apply even if the unauthorized disclosures were made after the party’s employment with the agency terminated.