Summary: The Internal Revenue Service (IRS) has two approaches for implementing the Taxpayer Browsing Protection Act, which made willful, unauthorized inspection of taxpayer data illegal. Over the long term, IRS believes that modernizing its core automated systems offers the best way to prevent and detect unauthorized access to taxpayers data. According to IRS, modernization (1) will allow it to restrict employees' access to those taxpayer records that they have a work-related reason to look at and (2) enable it to detect unauthorized access almost as soon as it happens. It will be several years, however, before modernization becomes a reality. In the meantime, IRS has taken other steps to deter, prevent, and detect unauthorized access and ensure that consistent disciplinary action is taken when unauthorized access is detected. For example, IRS now provides briefings to all employees on unauthorized access. It has also created a unit to track proven access violations and to help administer penalties. Between October 1997 and November 1998, IRS identified 5,468 potential instances of unauthorized access and completed preliminary investigations of 4,392 of those leads. In 15 cases, IRS determined that employees had intentionally accessed taxpayer data without authorization. These employees either resigned or were fired.
