“However, taxpayer information held by third-party providers—such as paid tax return preparers and tax preparation software providers—generally falls outside of these requirements, according to IRS officials.” However, even with updated standards, the IRS does not have the authority to regulate or otherwise manage the security of third-party providers directly. “However, IRS’s efforts do not provide assurance that taxpayers’ information is being adequately protected,” according to GAO researchers, as the agency has not “developed minimum information security requirements for the systems used by paid preparers or Authorized e-file Providers.” While GAO suggested such requirements would be necessary to establish baseline security for the industry, the report notes Congress has yet to give the IRS the requisite authority to do so. “Having explicit authority to establish security standards for Authorized e-file Providers’ systems may help IRS better ensure the protection of taxpayers’ information,” GAO analysts wrote.
Support the originator by clicking the read the rest link below.