Information (in)security at the IRS (again)

By Douglas Schweitzer
October 10, 2008 10:30 AM EDT
As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several IRS computer systems found "several weaknesses in control over access to applications containing sensitive information." I remember reading last month that the inspector general had found computer weaknesses at the IRS. This time around the IG didn’t criticize the IRS security policies that are in place, only that they’re not being adhered to.

As far as security goes, I think it’s fantastic that IRS policies include a requirement that managers authorize requests for system access and that users have a legitimate need for that access. That users must first pass background investigations is also a solid requisite. As in so many industries however, it’s not the security policy that is a problem, but a lack of adherence to it. The IRS seems to be no different – but that’s small consolation for all of us taxpayers who have no choice but to have a relationship with this agency.