IRS Privacy Policy

All personal information you provide to us is voluntary.  We may collect personal information about you (such as name, email address, Social Security number or other unique identifier) only if you specifically and knowingly provide it to us.  We will use your information to process requests for certain services or information.  Providing your information is generally voluntary, but if it is not provided, we might not be able to process your transaction.   When information is required, we will let you know before we collect it.

We collect PII and other information only as necessary to administer our programs.  The information you provide will be used only for that purpose.  We do not sell the information collected at this site or any other information we collect.  You do not have to give us personal information to visit our website.

Throughout our website, we will let you know if the information we ask you to provide is voluntary or required.  By providing your personal information, you give us consent to use the information only for the purpose for which it was collected.  We describe those purposes when we collect information.  We will ask for your consent before using the information you provide for any secondary purpose other than those required by federal law.

The IRS is committed to protecting the privacy rights of America's taxpayers. These rights are protected by the Internal Revenue Code, the Privacy Act of 1974, the Freedom of Information Act, and IRS policies and practices. Visit the IRS Electronic Freedom of Information Act Reading Room for more information about these laws. We document much of our internal policy on these laws in IRM 10.5.1, Privacy Policy.

The Senior Agency Official for Privacy (SAOP), as mandated by OMB M-16-24 PDF, has overall responsibility and accountability for ensuring the agency’s implementation of information privacy protections, including the agency’s full compliance with federal laws, regulations, and policies relating to information privacy.  The SAOP for the IRS is positioned at the Department of Treasury. 

• Report phishing
• Identity theft, fraud & scams
• Privacy Impact Assessments
• Taxpayer Bill of Rights

A PCLIA is a decision-making tool used to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system. PCLIAs help the public understand what PII the agency is collecting, why it is being collected, and how it will be used, shared, accessed, secured and stored. The PCLIA uses the Fair Information Practice Principles (FIPPs) to assess and mitigate any impact on an individual’s privacy. Generally, a PCLIA is required before a program or system containing PII becomes operational.

Generally, a PCLIA should accomplish these goals:

• Ensure conformance with applicable legal, regulatory, and policy requirements for privacy.
• Determine the risks and effects.
• Evaluate protections and alternative processes to mitigate potential privacy risks.
• Provide assurance to the public about the protection of privacy and constitutional rights.

Approved PCLIAs are published on the IRS's Privacy Impact Assessment page unless they are classified.

A System of Records is a group of records under the control of any federal agency from which information is retrieved by a unique personal identifier assigned to an individual. A SORN is a formal notice to the public published in the Federal Register that identifies the purpose for which PII is collected, from whom and what type of PII is collected, how the PII is shared externally (routine uses), and how to access and correct any PII maintained by the department or agency.

A SORN is required when a government agency has a system of records as defined above. In some instances, the agency may have an existing SORN that covers a collection of systems or programs.

All SORNs are approved by the agency’s Chief Privacy Officer prior to publication and are sent to OMB and Congress for comment.  After, they are published in the Federal Register for thirty days to give the public notice and time to comment. A program or system may not become operational until the SORN has been published for 30 days.

All IRS SORNs published in the Federal Register can be found on the U.S. Department of the Treasury System of Records Notices webpage. There is a section labeled “Exemptions claimed for the system” that lists any exemptions to the Privacy Act at the end of each SORN.

A computer matching program is required by the Privacy Act for any computerized comparison of two or more automated systems of records, or a system of records with non-federal records, for establishing or verifying eligibility or compliance as it relates to cash or in-kind assistance or payments under federal benefit programs.

Notices for approved computer matching programs are published in the Federal Register and can be found on the U.S. Department of the Treasury Computer Matching Programs webpage. There are exemptions for computer matching agreements for internal systems used for tax administration purposes.

In accordance with Section 522 of the Consolidated Appropriations Act of 2005, the Department of the Treasury prepares a report to Congress on an annual basis covering the Department’s activities which affect privacy. These activities include complaints of privacy violations, implementation of section 552a of title 5, 11 United States Code, internal controls, as well as other relevant matters.  A listing of all publicly available privacy reports can be found at the U.S. Department of the Treasury Privacy Act Annual Reports webpage.

Information on IRS Privacy Act Implementation Rules can be found at the Federal Register Privacy Act Implementation for the U.S. Department of the Treasury.

Exemptions to the Privacy Act can be found near the end of each individual SORN, in the “Exemptions claimed for the system,” as well as in Treasury Regulation 31 CFR 1.36.

Note: Federal tax records are exempt from access or amendment. To amend a federal tax record, taxpayers must file Form 1040-X or follow IRS procedures for other changes, such as change of address.

The Privacy Act of 1974, as amended, provides safeguards against unwarranted invasions of privacy by establishing a code of "fair information practices."  The principles, commonly referenced as the fair information practice principles (FIPPs), require agencies to comply with statutory norms for collection, maintenance, access, use, and dissemination of records.

To increase transparency and assure notice to individuals, the Privacy Act requires agencies to publish in the Federal Register notice of modifications to or the creation of systems of records. The term "system of records" means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.

A current listing of the Department's System of Records, along with updated routine uses and claimed exemptions, can be found the on the Treasury Department's System of Records Notices page.

To further protect the individual, the Privacy Act requires all records which are used by the agency in making any determination about any individual to be maintained with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination.

The Privacy Act grants individuals increased rights of access to records maintained about them, as well as the right to seek amendment of records maintained about them. 

IRS offers routine access to other records through procedures designed to make access quick and easy. If you are working directly with an IRS employee on an open tax case, you can request information from the file directly from them.

Freedom of Information Act (FOIA) guidelines

A privacy complaint is a written allegation filed with the Service's Office of Privacy, Governmental Liaison and Disclosure, regarding a potential problem or violation of privacy protections in the administration of IRS programs and operations that may cause harm or violation of your personal or information privacy. This complaint or inquiry may concern:

• Issues regarding consent, collection, and appropriate notice
• Issues regarding unauthorized disclosures
• General IRS privacy policy and procedures 

The Office of Privacy, Governmental Liaison and Disclosure can't assist you with any type of tax matter. We may only address questions about IRS privacy policies or complaints you may have regarding how IRS uses and collects personal information. Do not send in any sensitive information through this correspondence.

Please include as much information as possible to help with our research and response to your query, as appropriate and known. Include the date of the incident, the date of discovery, and what personal information was affected. IRS takes your privacy concerns very seriously, and will respond fully and timely.  Please allow up to four weeks for a written response to your complaint or inquiry, so that we have time to research and resolve.

Write the Director, Office of Privacy, Governmental Liaison and Disclosure if you have any questions or comments regarding the IRS website's privacy policy or to submit a privacy complaint.

Director, Office of Privacy, Governmental Liaison and Disclosure
Internal Revenue Service
Room 7050 OS:P
1111 Constitution Ave., NW
Washington, DC 20224