The IRS has mandated six (6) new security, privacy, and business standards to better serve taxpayers and protect their information collected, processed and stored by Online Providers of individual income tax returns.
Individual income tax returns generally refer to the 1040 family of returns. Refer to IRS Publication 3112, IRS e-file Application and Participation, for the definition of Online Provider.
These new standards are intended to supplement the Gramm-Leach-Bliley Act and the implementing rules and regulations promulgated by the Federal Trade Commission.
The security and privacy objectives of these standards are: setting minimum encryption standards for transmission of taxpayer information over the internet and authentication of Web site owner/operator’s identity beyond that offered by standard version SSL certificates; periodic external vulnerability scans of the taxpayer data environment; protection against bulk-filing of fraudulent income tax returns; and the ability to isolate and investigate potentially compromised taxpayer information in a timely manner.
These standards also address certain business and customer service objectives such as instant access to Web site owner/operator’s contact information, and Online Provider’s written commitment to maintaining physical, electronic, and procedural safeguards of taxpayer information that comply with applicable law and federal standards.
Compliance with these standards is mandatory effective January 1, 2010. However, there will be a one-year enforcement grace period. The grace period expires December 31, 2010.
Please visit IRS.gov and/or refer to the Web content version of Publication 1345, Authorized IRS e-file Providers e-filing Individual Income Tax Returns, for details.