The Internal Revenue Service’s recent policies expedited the hiring of new employees to fill key roles during the pandemic, even when their fingerprinting or employment eligibility verification were delayed, but prolonged delays could increase the risk of exposure of taxpayer data to potential identity theft, according to a new report.
The
However, the TIGTA report cautions that the faster hiring process could put taxpayer information at risk. “New employees who are given access to sensitive information and have not been fingerprinted or have not had their employment eligibility documents physically inspected could result in the exposure of sensitive information,” it said.
The IRS has made some progress in reducing the number of new employees hired during the pandemic without their identity documents being inspected or getting fingerprinted, the report acknowledged, but the delays put the service at risk of potential exposure of taxpayer data. Temporary federal guidance enabled the IRS to postpone physical inspection of employment eligibility documents for new employees. IRS records as of January 2022 indicated that approximately 1,900 individuals hired from March 23, 2020, through July 17, 2021, were listed as not yet having their employment eligibility documents physically inspected. Of those 1,900 individuals, more than 1,200 began working in 2020.
In addition, the IRS’s Form I-9 SharePoint site as of August 2021 didn’t accurately reflect whether hiring officials had completed a physical inspection of new employees’ Form I-9, "Employment Eligibility Verification," identity documents. TIGTA inspectors uncovered 38 records from the IRS’s Form I-9 SharePoint site for which there was no indication that the hiring officials had physically inspected the new employees’ verifying documents. TIGTA’s review found that five of the forms had hiring official notations indicating that a physical inspection of the documents had taken place, even though the IRS’s Form I-9 SharePoint site wasn’t updated on a timely basis to reflect that physical inspection occurred. Temporary federal guidance also allowed deferred fingerprints for some employees.
The lack of fingerprinting was widely accepted. Approximately one-quarter of the individuals who were hired from March 23, 2020, through July 17, 2021, filled positions that qualified for the fingerprint deferral. As of January 2022, IRS records indicated that 113 individuals still haven’t been fingerprinted, even though 29 of them started working in 2020.
TIGTA also identified 11 individuals who were hired, worked for the IRS for as little as eight and as many as 371 calendar days, and then left the IRS without ever having their identity documents physically inspected. Thus, the majority of them would have gotten access to taxpayer data, but the IRS never verified whether they were eligible for federal employment in the United States.
TIGTA recommended that the IRS’s chief human capital officer do periodic reviews of the Form I-9 SharePoint site and provide periodic reminders to hiring officials who are responsible for completion of those forms to see whether or not the employees still haven’t gone through physical inspection. The IRS should then update the records based upon the results of that review to make sure the Form I-9 SharePoint site represents a complete, accurate representation of the status of the deferred physical inspections. The IRS agreed with TIGTA’s recommendation and plans to take action to fix that particular issue.
“We will continue to provide regular reminders to business units responsible for completion of the Form I-9,” wrote IRS human capital officer Kevin McIver in response to the report. “We will also share the results of the reviews with the business units to identify employees who need their Form I-9 updated.”
Separately, the IRS recently implemented a new fingerprinting process for e-file for tax professionals starting Sept. 25 (