Tens of millions of taxpayers are cast out to engage with the for-profit tax preparation industry just to pay the government the money they already know they owe, so it’s no surprise that the IRS’s report to Congress on an IRS-run direct e-file return system was met with massive approval. A direct e-file return system brings the promise of a public option for filing returns.
One huge requirement of making a shift to a space likely dominated by a public option from a space dominated by for-profit private tax preparers is accountability. When private preparers leaked or mishandled data, taxpayer redress was arduous or nonexistent; the same can’t be true under the new system.
There’s nothing inherently more secure about data being maintained by a public entity as opposed to a private one. Much of the rest of the world has had a public tax preparation option for a long time, but some of them have also suffered massive data breaches. The IRS isn’t a stranger to data leaks itself.
The obvious counterargument is that if the IRS already has much of the data that would be provided in the process of filing a return, the need for security and the concern regarding leaks is already present. But although that may broadly be true, there are additional exposures and potential avenues of attack opened when a new system is rolled out and data is being transferred between taxpayers and the tax administration.
If only for the symbolism, the Taxpayer Bill of Rights needs to be amended, and an 11th right added. Studious tax advocates may protest and point to the rights to privacy and confidentiality—but these don’t get to the heart of the issue regarding the assessment of damages.
If my privacy or confidentiality is breached, that is one cause of action. If it’s an actual “thing” I own and my data has been appropriated or misused, that’s something else entirely. In light of this, I humbly submit the following proposal.
The Right to Ownership of One’s Data
Taxpayers own their personal data. Considering these ownership rights, they have the right to control their personal data. This includes their private tax information and any information they provide to the IRS. Taxpayers have the right to be compensated by the IRS if their data is used inappropriately or misused by any entity, including governmental agencies, stemming from a mishandling of said data by the IRS. Taxpayers have the right to pursue legal recourse and expect appropriate actions to be taken against the IRS for any unauthorized use of their data not mandated by law.
Canada’s Cautionary Tale
It also can be instructive to look abroad to how other countries are handling the calculation and collection of taxes. Here, we have a negative example to point to with our neighbors to the north.
Canada pushes most taxpayers through the Canadian Revenue Agency online portal for handling tax reporting and payment remission. It carries benefits often enumerated involving the avoidance of duplication of effort. The tax authority knows what you owe, and you only need to make adjustments.
But the portal falls short on holding the CRA accountable should things go awry. In fact, it explicitly disclaims the CRA from liability.
The portal’s terms of use, with something of a hand wave, state: “The CRA has taken all reasonable steps to ensure the security of this Web site. We have used sophisticated encryption technology and incorporated other procedures to protect your personal information at all times. However, the Internet is a public network and there is the remote possibility of data security violations. In the event of such occurrences, the CRA is not responsible for any damages you may experience as a result.”
In other words, they’re basically saying: Look, we tightened all the screws and bolts to a reasonable degree, but let’s face facts—cars are inherently dangerous. If the steering wheel flies off when you’re driving, that isn’t on us.
That simply can’t be mirrored in the US. The process for filing a damage claim for a data leak needs to be made simple right from the outset. The aforementioned report notes that qualitative user research indicated respondent taxpayers are “sensitive to cost, privacy, and security in their tax filing choices.”
That’s with good reason. Private preparers have been expensive, exploitive, and insecure, but they also have been made to pay for being so.
Removing, or at least reducing, the amount of taxpayer data flowing through for-profit data harvesters is an enormous step in the right direction, but data leaks are still a concern. After all, there’s no difference between one’s data being leaked accidentally and one’s data being sold intentionally for the end user taxpayer—save perhaps for the identity of the receiving party.
Look for Leahey’s column on Bloomberg Tax, and follow him on Mastodon at @andrew@esq.social.
Learn more about Bloomberg Tax or Log In to keep reading:
See Breaking News in Context
From research to software to news, find what you need to stay ahead.
Already a subscriber?
Log in to keep reading or access research tools and resources.