IRS Match and Safeguard

0165.000.05 Incident Response for Unauthorized IRS Disclosures

IM-109 July 16, 2020

Upon discovering a possible improper inspection or disclosure of Federal Tax Information (FTI), including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information must notify Shanon Holmes, Family Support Division, Income Maintenance security officer in Central Office at

  1. Within 24 hours of the incident report, the Divisional Security Officer or his/her designee will contact the:
    • Local Treasury Inspector General for Tax Administration Field Division Office
    • IRS at:
    • FSD-IM Privacy Officer
  2. The Security Officer or his/her designee will document the incident by preparing and submitting an incident report. The incident report will include the following information:
      • Name of agency
      • The Security Officer’s name or the name of his/her designee and contact information
      • Date and time of incident
      • Date and time the incident was discovered
      • How the incident was discovered
      • Description of the incident and the data involved, including specific data elements, if known
      • Potential number of FTI records involved, if known, or if unknown, provide a range
      • Where the incident occurred
      • Any information technology involved (e.g., laptop, server, mainframe)

    NOTE:   The incident report will not include any FTI.

  3. The Security Officer will provide a copy of the incident report to the Privacy Officer. The Privacy Officer will:
    • Complete an Information Disclosure Incident Report (Ref: )
    • Send the report to the DSS Privacy Officer
  4. The Security Officer or his/her designee will:
    • Track and document all physical and information system security incidents
    • Conduct post–incident reviews to ensure the incident response procedures were followed
    • Recommend additional training or procedural changes as needed

Penalties for Unauthorized Inspection or Disclosure of FTI

Unauthorized inspection of FTI shall be punishable upon conviction by a fine in any amount not exceeding $1,000, or imprisonment of not more than one year or both, together with the costs of prosecution.

  1. The unauthorized disclosure of FTI is a federal felony punishable by a fine of up to $5,000 or up to five years in prison, or both.
  2. Disclosure of FTI will render the disclosing party vulnerable to a civil suit for damages in the U.S. District Court.

NOTE:  The civil and criminal penalties apply even if the unauthorized disclosures were made after the party’s employment with the agency terminated.