Upon discovering a possible improper inspection or disclosure of Federal Tax Information (FTI), including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information must notify Stacia Humphrey, Family Support Division, Income Maintenance security officer in Central Office at Stacia.Humphrey@dss.mo.gov.
- Within 24 hours of the incident report, the Divisional Security Officer or his/her designee will contact the:
- Local Treasury Inspector General for Tax Administration Field Division Office;
- IRS at: SafeguardReports@IRS.gov.
- FSD-IM Privacy Officer.
- The Security Officer or his/her designee will document the incident by preparing and submitting an incident report. The incident report will include the following information:
- Name of agency;
- The Security Officer’s name or the name of his/her designee and contact information;
- Date and time of incident;
- Date and time the incident was discovered;
- How the incident was discovered;
- Description of the incident and the data involved, including specific data elements, if known;
- Potential number of FTI records involved, if known, or if unknown, provide a range;
- Where the incident occurred; and
- Any information technology involved (e.g., laptop, server, mainframe).
NOTE: The incident report will not include any FTI.
- The Security Officer will provide a copy of the incident report to the Privacy Officer. The Privacy Officer will:
- Complete an Information Disclosure Incident Report (Ref: ); and
- Send the report to the DSS Privacy Officer.
- Track and document all physical and information system security incidents;
- Conduct post–incident reviews to ensure the incident response procedures were followed; and
- Recommend additional training or procedural changes as needed.
Penalties for Unauthorized Inspection or Disclosure of FTI
Unauthorized inspection of FTI shall be punishable upon conviction by a fine in any amount not exceeding $1,000, or imprisonment of not more than one year or both, together with the costs of prosecution.
- The unauthorized disclosure of FTI is a federal felony punishable by a fine of up to $5,000 or up to five years in prison, or both.
- Disclosure of FTI will render the disclosing party vulnerable to a civil suit for damages in the U.S. District Court.
NOTE: The civil and criminal penalties apply even if the unauthorized disclosures were made after the party’s employment with the agency terminated.