Confidential information on earnings is obtained through the following data exchanges:
- IRS 1099 Account Data provided through data exchanges with the Internal Revenue Service (IRS); and
- Beneficiary Earnings Exchange Record (BEER) data provided through data exchanges with the Social Security Administration (SSA); and
- National New Hire, Unemployment Benefits and Quarterly wage information provided through data exchanges with the National Directory of New Hires (NDNH). (See PM 22-14-02.)
Earnings information is to be used by the Department, contracted providers, and others strictly for the administration of the programs, with certain exceptions specified by law. Client records are private and must not be used for personal, political or business reasons. Whenever client information is given to another agency or governmental department, inform them that the information must be kept confidential.
Procedures for Protecting Confidentiality
During nonwork hours, the FCRC Administrator or Financial Recovery Coordinator (FRC) shall place confidential earnings information (both unverified and verified) in a locked desk, room, file cabinet, or safe.
Staff must take measures to guard against unauthorized disclosure of confidential earnings information. Unauthorized disclosure is defined as using or allowing anyone to use or see the information for any purpose other than the administration of DHS programs. Staff may share the information (or the source of the information) with the client to determine its accuracy.
It is the policy of the Illinois Department of Human Services and the Internal Revenue Service that no Federal Tax Information (FTI) or National Data New Hire (NDNH) information may ever be sent to anyone by means of email or fax machine.
Procedures for Breach of FTI or NDNH Confidentiality Information
In accordance with IDHS Incident Procedures, in all cases, the IDHS Chief Privacy Officer (CPO), and the IDHS Chief Information Security Officer (CISO), the Bureau of Performance Management (BPM), and the Division Director and/or his or her designee must be contacted immediately upon discovery of an authorized disclosure, use or access of FTI or NDNH data by the person who discovered the data incident or the person's supervisor. The CPO and CISO will direct the investigation into the data incident.
The CPO, the CISO, or the BPM must report the data incident within 24 hours to the following agencies:
- FTI: Special Agent-in-Charge, Treasury Inspector General for Tax Administration (TIGTA) in Chicago at (312) 554-8751; and
- NDNH: Administration for Children and Families Office of Child Support Enforcement FPLS Information Security officer by telephone at (202) 401-5410 or email at firstname.lastname@example.org.
These agencies will be notified with the information listed below, by an encrypted electronic message with "Incident Response" on the subject line.
Refer to WAG 01-01-04c for information to be provided when reporting a breach in Federal Tax Information (FTI).
Penalties for Unauthorized Disclosure
The penalties for unauthorized disclosure include the following:
- Unauthorized disclosure of Federal tax return information may be punishable by a $5,000 fine, 5 years imprisonment, or both.
- A taxpayer may bring suit for civil damages for unauthorized disclosure of tax return information.
- In the case of willful disclosure or gross negligence, punitive damages may be allowed as well as the cost of the action.
These penalties apply even if the unauthorized disclosures are made after employment with the agency has been terminated.
DHS employees are subject to additional restrictions under the Taxpayer Browsing Protection Act. The Act provides a criminal misdemeanor penalty for the willful unauthorized access or inspection of Federal tax information. Tax information includes all returns and return information maintained in either paper or electronic format.
- Unauthorized disclosure, use of, or access to NDNH data may be punishable by an administrative penalty of (up to and including dismissal from employment), and a $1,000 fine (Subsection 453(l)(2) of the Social Security Act).
Penalties for Unauthorized Inspection
- Willful unauthorized inspection of Federal tax return information shall be punishable upon conviction by a fine in an amount not exceeding $1,000, or imprisonment of not more than 1 year, or both, together with the costs of prosecution.
- For each act of unauthorized inspection, upon a finding of liability, a cause of action for civil damages may be established. These damages could amount to $1,000 or actual damages, whichever is greater. In the case of gross negligence or a willfully unauthorized inspection, punitive damages may also be assessed.
- Unauthorized inspection, use of, or access to NDNH data may be punishable by an administrative penalty of (up to and including dismissal from employment), and a $1,000 fine (Subsection 453(l)(2) of the Social Security Act).