Attachment A
IRS’s Privacy Safeguards, Disclosure Safeguards, Record Retention and, Security
IRSAP 1052-224-9000(a) DISCLOSURE OF INFORMATION-SAFEGUARDS (JAN 1998)
In performance of the DOL EFAST contract, the contractor agrees to comply and assume responsibility for compliance by his/her employees with the following requirements:
All work shall be performed under the supervision of the contractor or the contractor's responsible employees.
Any returns or return information made available shall be used only for the purpose of carrying out the provisions of this contract. Information contained in such material shall be treated as confidential and shall not be divulged or made known in any manner to any person except as may be necessary in the performance of the contract. Inspection by or disclosure to anyone other than an officer or employee of the contractor shall require prior written approval of the Internal Revenue Service. Requests to make such inspections or disclosures should be addressed to the IRS COTR.
(3) Should a person (contractor or subcontractor) or one of his/her employees make any unauthorized inspections(s) or disclosure(s) of confidential tax information, the terms of the Default clause (FAR 52.249-6, Alternate IV), incorporated herein by reference may be invoked, at the option of the responsible DOL contracting officer and the person (contractor or subcontractor) would then be considered to be in breach of this contract.
IRSAP 1052.224-9000(D) DISCLOSURE OF "OFFICIAL USE ONLY” INFORMATION SAFEGUARDS (DEC 1988)
Any Treasury Department Information made available or to which access is provided, and which is marked or should be marked "Official Use Only", shall be used only for the purpose of carrying out the provisions of this contract and shall not be divulged or made known in any manner to any person except as may be necessary in the performance of the contract. Disclosure to anyone other than an officer or employee of the contractor or subcontractor at any tier shall require prior written approval of the IRS. Requests to make such disclosure should be addressed to the IRS COTR.
IRSAP 1052.224-9000(e) DISCLOSURE OF INFORMATION -INTERAGENCY AGREEMENTS
(DEC 1988)
All material processed or reproduced pursuant to the contract shall be treated as confidential and the provisions of 26 CFR 301.6103(n)-1 shall apply.
IRSAP 1052.224-9001 (a) DISCLOSURE OF INFORMATION-CRIMINAL/CIVIL SANCTIONS
(JAN 1998)
(1) Each officer or employee of any person (contractor or subcontractor) at any tier to whom returns or return information is or may be disclosed shall be notified by the person (contractor or subcontractor) that returns or return information disclosed to such officer or employee can be used only for a purpose and to the extent authorized herein, and that further disclosure of any such returns or return information for a purpose or to an extent unauthorized herein constitutes a felony punishable upon conviction by a fine of as much as $5,000 or imprisonment for as long as five years, or both, together with the costs of prosecution. Such person (contractor or subcontractor) shall also notify each such officer and employee that any such unauthorized future disclosure of returns or return information may also result in an award of civil damages against the officer or employee in an amount not less that $1,000 with respect to each instance of unauthorized disclosure. These penalties are' prescribed by IRC Section 7213A and 7431 and set forth at 26 CFR 301.6103(n).
(2) Each officer or employee of any person (contractor or subcontractor) to whom returns or return information is or may be disclosed shall be notified in writing by such person that any return or return information made available in any format shall be used only for the purpose of carrying out the provisions of this contract and that inspection of any such returns or return information for a purpose or to an extent not authorized herein constitutes a criminal misdemeanor punishable upon conviction by a fine of as much as $1,000 or imprisonment for as long as one year, or both, together with the costs of prosecution. Such person (contractor or subcontractor) shall also notify each such officer and employee that any such unauthorized inspection of returns or return information may also result in an award of civil damages against the officer or employee in an amount equal to the sum of the greater of $1,000 for each act of unauthorized inspection with respect to which such defendant is found liable or the sum of the actual damages sustained by the plaintiff as a result of such unauthorized inspection plus in the case of a willful inspection or an inspection which is the result of gross negligence, punitive damages, plus the costs of the action. The penalties are prescribed by IRC Sections 7213A and 7431.
(3) Additionally, it is incumbent upon the contractor to inform its officers and employees of the penalties for improper disclosure imposed by the privacy Act of 1974, 5 U.S.C. 552a. Specifically, 5 U.S.C. 552a(i)(1), which is made applicable to contractors by 5 U.S.C. 552a(m)(1), provides that any officer or employee of a contractor, who by virtue of his/her employment or official position, has possession of or access to agency records which contain individually identifiable information, the disclosure of which is prohibited by the Privacy Act or regulations established thereunder, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.
IRSAP 1052.224-9001 (b) DISCLOSURE OF INFORMATION-OFFICIAL USE ONLY (DEC 1988)
Each officer or employee of the contractor or subcontractor at any tier to whom “Official Use Only” information may be made available or disclosed shall be notified in writing by the contractor or subcontractor that “Official Use Only” information disclosed to such officer or employee can be used only for a purpose and to the extent authorized herein, and that further disclosure of any such “Official Use Only” information, by any means, for a purpose or to an extent unauthorized herein, may subject the offender to criminal sanctions imposed by 18 U.S.C. Section 641 and 3571. Section 641 of 18 U.S.C. provides, in pertinent part, that whoever knowingly converts to his use or the use of another, or without authority sells, conveys, or disposes of any record of the United States or whoever receives the same with the intent to convert it to his use or gain, knowing it has been converted, shall be guilty of a crime punishable by a fine or imprisoned up to ten years or both.
IRSAP 1052.224-9002 DISCLOSURE OF INFORMATION-INSPECTION (DEC 1988)
The Internal Revenue Service shall have the right to send its officers and employees into the offices and plants of the Contractor for inspection of the facilities and operations provided for the performance of any work under this contract. On the basis of such inspection, the Contracting Officer may require specific measures in cases where the contractor is found to be noncompliant with contract safeguards.
RESTRICTION AGAINST DISCLOSURE
The DOL agrees, in the performance of the DOL-IRS agreement, to keep specified information contained in source documents or other media furnished in the strictest confidence, said information being the sole property of the IRS. The DOL also agrees not to publish, reproduce, or otherwise divulge such information in whole or in part, in any manner or form, nor to authorize or permit others to do so, taking such reasonable measures as are necessary to restrict access to such information while in the possession of the DOL, to those employees needing such information to perform the Statement of Work, i.e., on a “need to know" basis, and agrees to immediately notify, in writing, the IRS point of contact in the event that it is determined or there is reason to suspect a breach of this requirement.
SAFEGUARD REVIEWS
(1) A safeguard review is an on-site evaluation of the measures used to protect Federal Tax returns and return information and how such information is used. IRS conducts on-site reviews of safeguards on a regular basis. Other criteria will be considered in determining the need for a review. A written review plan will be provided by the IRS. The plan will include a list of records to be reviewed; the scope and purpose of the review; and a list of the specific areas to be reviewed and contractor personnel to be interviewed.
(2) Reviews cover the six areas of IRS Section 6103(p)(4) and, if applicable, need and use. Observing actual operations is a required step in the review process. DOL or contractor employees may be interviewed during the on-site review, generally to clarify procedures or to ascertain employee awareness of security requirements and IRC penalty provisions. DOL and Contractor files will be spot checked to determine the adequacy of safeguards as opposed to an evaluation of the program. A review report will be issued. The DOL and contractor will have an opportunity to provide comments that will be included in the report.
SECURITY OF TAX INFORMATION
Maintaining the security of all tax and taxpayer information provided to the DOL and their contractor is a major concern of the IRS and the SSA. As a result, the following is required:
(a) Management Controls. The DOL shall establish controls to preclude unauthorized, inadvertent or intentional disclosure of taxpayer information, and the use of taxpayer information for purposes other than specified. The DOL shall also impose controls to prevent any employee from "browsing" cases which that employee is not actively working. The DOL shall also use other management techniques such as monitoring of live phone calls, review of case files, etc., to ensure the protection of tax information.
(b) IRS Monitoring and Review of Work. The DOL shall allow the IRS point of contact, representatives of the IRS Internal Security and Internal Audit Divisions, and other government officials designated by the IRS point of contact to review work performance, conduct disclosure and privacy reviews, and review correspondence and case files to determine conformance with tax information security.
(c) If an investigation reveals that a violation of IRC 6103(n) has occurred, the IRS may request DOL to terminate the contract for default.
SECURITY OF RESTRICTED DATA
(a) The DOL shall, in accordance with IRS security regulations and requirements, be responsible for safeguarding restricted data and other classified information. The DOL must also protect all classified documents and material against sabotage, espionage, loss and theft, while performing under this agreement. Except as otherwise expressly provided in this agreement, the DOL shall, upon completion or termination of this agreement, transmit to the IRS any classified matter in the possession of the DOL or any person under the agency's control in connection with performance of this agreement. If retention by the DOL of any classified matter is required after the completion or termination of the agreement and such retention is approved by the IRS, the DOL will complete a Certificate of Possession to be furnished to the IRS specifying the classified matter to be retained. The certification shall identify the items and types or categories of matter retained, the conditions governing the retention of the matter and the period of retention, if known. If the retention is approved by the IRS, the security provisions of the agreement will continue to be applicable to the matter retained.
(b) The DOL agrees to conform to security regulations and requirements of IRS
(c) Minimum Background Investigation of Personnel. The DOL shall not permit any individual to have access to restricted data, formerly restricted data, or other classified information, except in accordance with the IRS's regulations or requirements applicable to the particular type or category of classified information to which access is required.
(d) Criminal Liability. It is understood that disclosures of or failure to safeguard any restricted data, or other classified material relating to the work or services ordered hereunder to any person not entitled to receive them, in connection with work under this agreement, may subject any representatives of the DOL, its agents, employees, contractors or subcontractors to criminal liability under the laws of the United States.
(e) Computer Security. In the event the agreement involves utilization of a computer system, the DOL will establish administrative, technical and physical security procedures in accordance with applicable IRS regulations, to prevent access to IRS information to individuals not formally authorized by the IRS to possess such information.
DOL and the EFAST contractor will attempt in good faith to comply with all IRS security requirements in this agreement and in the applicable contract. In the event that new or changed requirements arise, IRS will advise DOL as soon as possible so that steps can be taken to amend the contract to comply with the new or changed requirements.
| File Type | application/msword |
| Author | 039529 |
| Last Modified By | 039529 |
| File Modified | 2007-07-31 |
| File Created | 2007-07-31 |