BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

dumpster diving at IRS

From: Henry Brown <hbrown () knology net>
Date: Fri, 22 May 2009 21:04:49 -0500
From the Washington Post: http://tinyurl.com/ran2wq
...
The Internal Revenue Service has long advised consumers to shred old tax returns and other documents that contain sensitive data, as a way to thwart identity thieves who sometimes root through trash bins in search of identity information. But it seems the IRS doesn't take its own advice: a recent investigation of more than a dozen IRS document disposal facilities found that -- at each location -- old taxpayer records were being tossed out in regular waste containers and dumpsters.
The audit by the Treasury Inspector General for Tax Administration also found that IRS officials failed to consistently verify whether contract employees who have access to taxpayer documents had passed background checks.
In addition, investigators also had trouble finding anyone responsible for overseeing most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents.
"We found evidence of only 2 instances where IRS personnel conducted visitations to shred/burn facilities in the past 2 fiscal years," the report notes. "Not all Territory Managers were even able to identify the contractor who provided their shred/burn services or where they were located. None of the four contractor sites we visited had ever received a request from the IRS to inspect their facility or onsite records."
In a written response to the report, the IRS said it had improved oversight of the document disposal contractors, and increased the level of verification to ensure contractors have passed background checks.
A copy of the inspector general's report, including the IRS's official response, is available here (PDF). http://www.treas.gov/tigta/auditreports/2009reports/200930059fr.pdf 
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: