General Information

0165.000.05 Incident Response for Unauthorized IRS Disclosures

IM-109 July 16, 2020;

Upon discovering a possible improper inspection or disclosure of Federal Tax Information (FTI), including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information must notify Stacia Humphrey, Family Support Division, Income Maintenance security officer in Central Office at Stacia.Humphrey@dss.mo.gov.

  1. Within 24 hours of the incident report, the Divisional Security Officer or his/her designee will contact the:
    • Local Treasury Inspector General for Tax Administration Field Division Office;
    • IRS at: SafeguardReports@IRS.gov.
    • FSD-IM Privacy Officer.
  2. The Security Officer or his/her designee will document the incident by preparing and submitting an incident report. The incident report will include the following information:
      • Name of agency;
      • The Security Officer’s name or the name of his/her designee and contact information;
      • Date and time of incident;
      • Date and time the incident was discovered;
      • How the incident was discovered;
      • Description of the incident and the data involved, including specific data elements, if known;
      • Potential number of FTI records involved, if known, or if unknown, provide a range;
      • Where the incident occurred; and
      • Any information technology involved (e.g., laptop, server, mainframe).

    NOTE:   The incident report will not include any FTI.

  3. The Security Officer will provide a copy of the incident report to the Privacy Officer. The Privacy Officer will:
    • Complete an Information Disclosure Incident Report (Ref: ); and
    • Send the report to the DSS Privacy Officer.
  4. The Security Officer or his/her designee will:
    • Track and document all physical and information system security incidents;
    • Conduct post–incident reviews to ensure the incident response procedures were followed; and
    • Recommend additional training or procedural changes as needed.

Penalties for Unauthorized Inspection or Disclosure of FTI

Unauthorized inspection of FTI shall be punishable upon conviction by a fine in any amount not exceeding $1,000, or imprisonment of not more than one year or both, together with the costs of prosecution.

  1. The unauthorized disclosure of FTI is a federal felony punishable by a fine of up to $5,000 or up to five years in prison, or both.
  2. Disclosure of FTI will render the disclosing party vulnerable to a civil suit for damages in the U.S. District Court.

NOTE:  The civil and criminal penalties apply even if the unauthorized disclosures were made after the party’s employment with the agency terminated.