Skip to content

IRS Information Requests & Privacy

by Mary Beth Guard, BOL Guru

Question: We have received a request from the IRS requesting information about one of our customers. The request asks us to give some information about this person (name, address, telephone numbers, etc.) It is signed by the operations manager, automated collection system. Our question is, since it is from the IRS, is it a violation of the privacy act to give the information to the IRS? Should they subpoena the information?

Answer: It is likely that the Right to Financial Privacy Act would preclude you from being able to legally release this information pursuant to this type of request. Under the federal Right to Financial Privacy Act ("RFPA"), you are prohibited from releasing information about a customer to a federal government authority (including the IRS) unless the customer has authorized the disclosure, or the disclosure falls within one of the many exceptions in the RFPA, or the government follows the "correct procedure" for obtaining the information.

The correct procedure involves using a summons, subpoena, search warrant, or formal written request. The RFPA restricts the use of formal written requests to agencies that do not have the power to issue a summons or subpoena. IRS can issue its own summonses, so it cannot use a formal written request. Therefore , if your customer has not authorized the information release (and customer authorization must meet seven criteria under the RFPA) , you must look at whether the request is permissible because it falls within an exception to the general prohibition against disclosure.

There is one exception in Section 3413(c) that says "Nothing in this chapter prohibits the disclosure of financial records in accordance with procedures authorized by title 26." Title 26 is the Internal Revenue Code. This simply means, however, that rather than following the RFPA, the IRS may use alternate procedures under the Internal Revenue Code to seek the information. Examine the document you have received very carefully to see if it indicates that it is being used under a particular section of the IRC. From past experience, I believe you will not find any evidence a Title 26 procedure is being followed.

So, we turn to the remaining RFPA exceptions. There is one which allows a financial institution to disclose the name and address of any customer to the Department of the Treasury, the Social Security Administration, or the Railroad Retirement Board, where the disclosure of such information is necessary to, and such information is used solely for the purpose of, the proper administration of programs of withholding taxes on nonresident aliens, Federal Old-Age, Survivors, and Disability Insurance Benefits, and Railroad Retirement Act Benefits. Even if that is the goal of this information request, it sounds like IRS (which is part of the Department of the Treasury) is seeking more information than this provision would allow.

Without further information demonstrating their legal basis to acquire the customer data, you should refrain from responding to the request.

The original version appeared in the January/February 2003 edition of the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 6/9/03

First published on 06/09/2003

Search Topics