Taxpayer security remains a major concern across the United States.
The Internal Revenue Service continues to use carrots — such as sharing security tips from tax pros who've been victimized — and sticks — specific data retention rules that practitioners must follow — to help protect tax pros and their clients.
But the IRS is not alone in taking steps to protect taxpayer data.
All states now taxpayer security breach notifications laws. And Virginia recently expanded its requirements, now mandating that tax professionals report any taxpayer data breach within a “reasonable amount of time."
Enhancement of existing law: This new law, which took effect at the beginning of the state's fiscal year on July 1, is the second consecutive effort by Virginia officials to fight tax data and identity theft schemes.
In March 2017, then Gov. Terry McAuliffe signed into law a measure that required employers and payroll service providers to notify the Virginia Office of the Attorney General of “unauthorized access and acquisition of unencrypted computerized data containing a taxpayer identification number in combination with the income tax withheld for an individual"
Then this past March, Gov. Ralph Northam signed H.R. 183, a bill that originated with the Virginia Department of Taxation.
Under this 2018 amendment to the original tax security law, when a Virginia income tax return preparer discovers or is notified that a data breach that may lead to identity theft or other fraud has occurred, that tax pro must now must, "without unreasonable delay after the discovery or notification of unauthorized access and acquisition of unencrypted and unredacted return information," notify Virginia's tax office.
The specific tax return information cited in the new law includes anything that could reveal "a taxpayer's identity and the nature, source, or amount of his income, payments, receipts, deductions, exemptions, credits, assets, liabilities, net worth, tax liability, tax withheld, assessments, or tax payments."
When any of that info is compromised, the tax preparer who signed the return must provide Old Dominion tax officials with the affected taxpayer's:
- Taxpayer identification numbers,
- Tax preparer name and identification number; and
- Any other information as the Department of Taxation may prescribe.
Full U.S. data breach coverage: While Virginia's latest effort to protect its taxpayers from security breaches, it is not alone.
In fact, just about the time this past spring that the Virginia law was being signed by its governor, Alabama became the final state to enact a similar security breach notification measure. Insert you own joke about how things move at a more leisurely pace in the South.
That means that all 50 states, as well as the District of Columbia, Puerto Rico, Guam and the U.S. Virgin Islands, now have codified ways to protect their taxpayers against data break-ins that could make them susceptible to fraudulent tax flings and identity theft. Not surprisingly, activist California was the first to do so 16 years ago.
Joseph J. Lazzarotti and Jason C. Gavejian, principals with the Morristown, New Jersey, office of the Jackson|Lewis law firm, and Maya Atrakchi of the firm's New York City branch, have put together an overview of the myriad U.S. data breach notification laws.
Individual care necessary, too: While all this official governmental action is a welcome weapon in the continuing war against crooks seeking to steal our tax information, remember that we as taxpayers also need to take steps, too, to protect ourselves.
You can read more on how to avoid tax scams and protect yourself against tax ID theft in the posts here on the ol' blog. When you click on those links, this post will show up first in each category; just keep scrolling for all the many, many more items.
The key is that everyone — from Uncle Sam to state tax offices to all us filers — needs to be careful out there, at tax and all times!