Is your tax data at risk from your tax preparer using IRS “e-services”? The Treasury Inspector General for Tax Administration (TIGTA) ponders that question in a recent study and concludes that “Insufficient E-Services Controls May Put Taxpayer Data at Risk.”

What Is E-Services?

E-services is an on-line IRS service that allows tax practitioners to do a variety of things on behalf of clients, on-line.

E-services is great because it’s far faster to submit a power of attorney on-line than to mail or fax it in. When I’m working on a case for a client, I can quickly and easily pull their transcripts using the on-line system.

But I never use e-services without first getting a power of attorney signed by the client.

And I only use e-services on cases where I am doing an in-depth work for the client that requires me to go to bat for them against the IRS. I don’t use it for routine amended returns. Nor do I use it for routine transcript requests, which the client can actually request, for free, themselves.

What’s the Problem?

Practitioners must receive signed authorizations from the client before using e-services to pull information on the client — and according to the TIGTA report, that isn’t always happening.

TIGTA surveyed taxpayers whose accountant had used e-services on their behalf. The survey showed that 92% of the time, their accountant had gotten proper authorizations ahead of time.

But in the survey of practitioners, TIGTA claims that only 64% of practitioners had gotten proper authorizations ahead of time. I think TIGTA is being a little misleading in this part, because it looks like they lumped in “no response” with “incorrect,” so if a practitioner didn’t respond to the TIGTA survey, TIGTA assumed something was done wrong.

At any rate, we can say that up to possibly 1/3 of the time, practitioners aren’t following proper e-services protocol by getting signed authorizations ahead of time.

Solutions

This problem isn’t nearly as big of a deal as our government publishing deceased people’s names, Social Security Numbers and dates of birth in a publicly accessible file. But it is a problem.

I think a simple solution would be to require a practitioner to submit a scanned copy of the signed authorization before they can access the taxpayer’s information. It’s a simple solution, and one that practitioners already deal with in other areas (for example, we already have to submit scanned copies of the e-file authorization when e-filing business tax returns).

I just hope the IRS doesn’t respond to this report by doing something heavy handed that makes e-services less accessible and less user friendly.

You can read the entire TIGTA report here.