RadioBDC Logo
Wolves | Dreamers Listen Live
< Back to front page Text size +

IRS to begin enforcing new privacy and security standards

Posted by Andrew Chan  January 3, 2011 11:00 AM

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

The IRS will begin enforcing new security, privacy, and business standards as of January 1, 2011. These standards are meant to better serve taxpayers and protect their personal information used by Online Providers of individual income tax returns who collect, process, and store taxpayer information. While these rules went into effect on January 1, 2010, there was a one-year enforcement grace period, which expired on December 31, 2010.

In summary, these new standards are intended to:
• Set minimum encryption and authentication standards for the transmission of taxpayer information over the internet;

• Require periodic vulnerability scans of the Online Provider’s network and electronic systems used for taxpayer data. These scans need to be conducted by independent third-party vendors in accordance with the applicable requirements of the Payment Card Industry Data Security Standards (PCIDSS);

• Require Authorized IRS e-file Providers to have a written information privacy and safeguard policy consistent with the applicable government and industry guidelines. This applies to Authorized IRS e-file Providers participating in the Online Filing of individual income tax returns that own or operate a Web site through which taxpayer information is collected, transmitted, processed or stored;

• Require Online Providers to have their Web site’s domain name registered with a domain name registrar that is located in the United States and accredited by the Internet Corporation for Assigned Names and Numbers (ICANN). The domain name shall be locked and not be private;

• Protect against the bulk-filing of fraudulent income tax returns; and

• Require the reporting of security incidents to the IRS in a timely manner. Security incidents include the unauthorized disclosure, misuse, modification, or destruction of taxpayer information.

For purposes of these standards, an Online Provider is defined by the IRS as follows: “An Online Provider allows taxpayers to self-prepare returns by entering return data directly on commercially available software, soft- ware downloaded from an Internet site and prepared off-line, or through an on- line internet site. An Online Provider also chooses another Provider Option, either Software Developer, Transmitter, or Intermediate Service Provider as Online Provider is a secondary activity. Although an ERO may also use an internet Web site to obtain information from taxpayers to subsequently originate the electronic submission of returns, the ERO is not an Online Provider.”

For more information about these standards, visit the IRS’ web site at,,id=201195,00.html

This blog is not written or edited by or the Boston Globe.
The author is solely responsible for the content.

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Local finance professionals share insights and advice on issues such as budgeting, managing debt, and retirement planning.

About the contributors

D. Abraham Ringer is a CERTIFIED FINANCIAL PLANNER practitioner and a Financial Adviser with Morgan Stanley Global Wealth Management in Boston. He is registered in MA, NH, NY and several other states to which his articles are directed. For more information please visit
Financial Planning Association™ of Massachusetts has 900 members who specialize in the financial planning process. Many of its members engage in philanthropic pro bono work in their communities, recommend legislation, elevate public awareness, promote financial literacy, and advocate for sound economic and tax policies.
Odysseas Papadimitriou is the founder of, a credit card and gift card marketplace, and, a personal finance site. He has more than 13 years of experience in the personal finance industry, and previously served as senior director at Capital One.

E-mail your question

Your question/comment: