The Internal Revenue Service’s (IRS) watchdog found in a report out last week that the tax agency does not have “sufficient oversight” of the privacy and security of taxpayer data used in its Free File program.
Free File is a public-private partnership between the IRS and several tax preparation software companies who provide their online tax preparation and filing software for free. During the 2024 tax season, the IRS partnered with eight private sector companies for the program.
According to the Treasury Inspector General for Tax Administration’s (TIGTA) Sept. 30 report, the watchdog identified that “several companies have been sanctioned for an unauthorized disclosure of taxpayer information while also participating in the Free File Program.”
“The IRS does not have sufficient oversight of the Free File Program partners to ensure that they are meeting all requirements to protect tax return data from unauthorized disclosure for taxpayers filing returns through the Program,” TIGTA wrote in its report.
According to the IRS, 2.9 million taxpayers filed using its Free File program during the 2024 tax season. The IRS announced earlier this year that it signed a five-year extension agreement for the program.
TIGTA noted that the IRS informs taxpayers that their information is protected from unauthorized access while it is sent to the IRS and that partner companies may not disclose or use tax return information for purposes other than tax preparation without informed and voluntary consent.
“However, the Free File Program acknowledges that the IRS cannot monitor its partners’ software and their use of taxpayer data and information because these are not Federal systems,” the report says.
“Although the IRS may be unable to monitor the partners’ systems and use of taxpayer information, it does have the authority and responsibility to manage the Free File Program,” TIGTA continued, “This includes assessing not only the potential risks to the Program’s reputation, but also the potential risks to taxpayers whose personal information may be shared without consent. In these instances, the IRS should take actions accordingly to address these risks.”
TIGTA recommends that the IRS, at the beginning of each filing season, determine if any Free File Program partners have been identified or sanctioned for an unauthorized disclosure of taxpayer information and document actions taken to mitigate the potential risk to the program. The watchdog also recommends that the IRS identify personnel with the appropriate technical expertise to review the participating partners’ privacy disclosures and taxpayer consents each filing season to evaluate whether the format and content of written consents complies with IRS guidance.
“Given that the IRS has a role to protect the integrity of the Nation’s tax system, including to protect the information of taxpayers, specifically the underserved and underprivileged that are served by the Free File Program, we believe the IRS should be taking actions to address these potential concerns,” TIGTA said. “Instead, the IRS relies on privacy seal vendors to ensure providers’ compliance with these policies.”
TIGTA said that it is conducting a separate review of the IRS’s processes for determining the eligibility of applicants seeking and continuing participation in the authorized e-file provider program, as well as assessing the IRS’s processes for ensuring that online providers are following the guidance for the use and disclosure of taxpayer tax return information.
