12/07/15
Action Memo
Summary:
- Information on earnings obtained through data exchanges with the Internal Revenue Service, National Directory of New Hires, or the Social Security Administration is confidential.
- There are penalties for unauthorized disclosure or inspection of confidential earnings information.
Earnings Records Subject to Confidentiality Requirements
Employees with access to confidential earnings records must be advised annually of the penalties for unauthorized disclosure of information provided through federal data exchanges. Notification is provided in this memorandum. In addition, this same information will be provided via e-mail notification to all DHS employees who have computer access. Procedures for protecting confidentiality, and penalties for unauthorized disclosure or inspection apply to:
- IRS 1099 Account Data provided through data exchanges with the Internal Revenue Service (IRS); and
- Beneficiary Earnings Exchange Record (BEER) data provided through data exchanges with the Social Security Administration (SSA); and
- National New Hire, Unemployment Benefits, and Quarterly Wage information provided through data exchanges with the National Directory of New Hires (NDNH).
Procedures for Protecting Confidentiality
During non-work hours, the FCRC Administrator or Financial Recovery Coordinator (FRC) shall place confidential earnings information (both unverified and verified) in a locked desk, room, file cabinet, or safe.
Staff must take measures to guard against unauthorized disclosure of confidential earnings information. Unauthorized disclosure is defined as using or allowing anyone to use or see the information for any purpose other than the administration of DHS programs. Staff may share the information (or the source of the information) with the client to determine its accuracy.
Report any unauthorized disclosure of Federal Tax Information material to the Bureau of Performance Management at 217/782-1128 immediately. You may also contact the Special Agent-in-Charge, Treasury Inspector General for Tax Administration (TIGTA) in Chicago at 312/554-8751 within 24 hours.
It is the policy of the Illinois Department of Human Services and the Internal Revenue Service that no Federal Tax Information (FTI) may ever be sent to anyone by means of e-mail or fax machine.
Procedures for Breach of FTI Confidentiality Information
Within 24 hours of discovery, report the breach. The following information must be provided when reporting Federal Tax Information (FTI):
- Date & time of incident,
- Date & time discovered,
- How discovered,
- Description of the incident,
- Approximate number of FTI records involved,
- Address where occurred, and
- If IT involved - laptop, server, mainframe.
Even if all information is not available, it is imperative notification is made immediately. The Bureau of Performance Management will in turn notify the IRS Office of Safeguards with an encrypted electronic message with the information provided and with "Incident Response" on the subject line.
Penalties for Unauthorized Disclosure
The penalties for unauthorized disclosure include the following:
- Unauthorized disclosure of Federal tax return information may be punishable by a $5,000 fine, 5 years imprisonment, or both (Section 7213 of the Internal Revenue Code).
- A taxpayer may bring suit for civil damages for unauthorized disclosure of tax return information (Section 7431 of the Internal Revenue Code).
- In the case of willful disclosure or gross negligence, punitive damages may be allowed as well as the cost of the action.
These penalties apply even if the unauthorized disclosures are made after employment with the agency has been terminated.
DHS employees are subject to additional restrictions under the Taxpayer Browsing Protection Act. The Act provides a criminal misdemeanor penalty for the willful unauthorized access or inspection of Federal tax information. Tax information includes all returns and return information maintained in either paper or electronic format.
Penalties for Unauthorized Inspection
- Willful unauthorized inspection of Federal tax return information shall be punishable upon conviction by a fine in an amount not exceeding $1,000, or imprisonment of not more than 1 year, or both, together with the costs of prosecution.
- For each act of unauthorized inspection, upon a finding of liability, a cause of action for civil damages may be established (Section 7431 of the Internal Revenue Code). These damages could amount to $1,000 or actual damages, whichever is greater. In the case of gross negligence or a willfully unauthorized inspection, punitive damages may also be assessed.
[signed copy on file]
James T. Dimas
Secretary-designate, Illinois Department of Human Services