An Internal Revenue Service website shows that more than three dozen computer security documents dictating how federal, state and local agencies must protect federal tax information were released around the same time the IRS commissioner says he was notified about ex-official Lois Lerner’s lost emails.
IRS Commissioner John Koskinen was grilled Monday night by the House Oversight and Government Reform committee; when Chairman Darrell Issa (R-Calif.) asked whether Koskinen had known in March — when he previously testified before the committee — if there was a problem with Lerner’s emails, the commissioner said he did not.
“I knew that I had been told there was an issue that no one knew the ramifications of … someone said there’s an odd development in the way that the emails are showing up,” Koskinen said, confirming the issue was brought to light in March. He then said he was informed in April of the email losses.
“The first time I knew that emails had been lost from her account was in April,” Koskinen said.
But another massive update falls within the same few days Koskinen described, indicating work must have been done in the weeks prior to accomplish it.
The IRS’ “Safeguards Program” is responsible for ensuring that federal, state and local agencies receiving federal tax information protect it as if the information remained in IRS’ hands, according to the IRS website, and at least 40 of its “Computer Security Evaluation Matrix” downloads were updated on one day: April 11, 2014.
The documents were made available to outside agencies for preparing an IT environment for receiving, processing or storing tax information.
“These agencies and their contractors receiving federal tax information must protect the confidentiality of return information and are periodically reviewed by Safeguards personnel to ensure they meet the safeguarding requirements of IRC 6103(p)(4). These requirements include employee awareness programs, proper disposal, secure storage and computer security among others,” the site reads.
The IRS site describes how agencies are required to handle taxpayer data according to the revised provisions: “Local, state and federal agencies receiving federal tax information must follow the revised provisions of Section 10 of Publication 1075 upon discovering a possible improper inspection or disclosure of FTI, including breaches and security incidents.”
“Agencies must contact Treasury Inspector General for Tax Administration and the IRS Office of Safeguards immediately, but no later than 24-hours after identification of a possible issue involving federal tax information. Agencies are not to wait until after their own internal investigation as been conducted … Contacting TIGTA is critical to expedite the recovery of compromised data and identify potential criminal acts.”
IRS representatives did not immediately respond to a request for comment from TheBlaze about the timing of the restrictions.
Issa did not press Koskinen to clarify whether he meant emails were missing from Lerner’s hard drive — as initially reported by the IRS– or her account, as Koskinen stated Monday night; the vast difference in those statements alone deserves attention, but the timing of these computer security evaluation releases may also be under scrutiny.
Watch the Issa/Koskinen hearing fireworks here:
Follow Elizabeth Kreft (@elizabethakreft) on Twitter