Privacy Rights Clearinghouse
Submitted electronically by the PRC to: Notice.Comments@irscounsel.treas.gov 
Internal Revenue Service
P.O. Box 7604, Room 5203
Ben Franklin Station
Washington, DC 20044
ATTN: CC:PA:LPD:PR (REG 137243-02)
RE: Disclosure and Use of Tax Return Information ñ REG 137243-02 http://www.irs.gov/irb/2006-03_IRB/ar16.html 
To the Internal Revenue Service:
The Privacy Rights Clearinghouse1 (PRC) is pleased to join the Electronic Privacy Information Center (EPIC) in commenting on the Internal Revenue Service's (IRS or agency) proposal to update rules regarding disclosure and use of tax return information by tax return preparers.2http://epic.org/privacy/tax/irscom3806.html 
We offer, in addition, the following supplemental comments.
At no time is one's expectation of privacy greater than with tax preparation. The proposed rules address privacy concerns in some important ways by requiring consumer consent where none was previously required. At the same time, the rules open the door for far more insidious privacy invasions by allowing tax return information to be used for marketing and shared by preparers with "any person."
We direct our comments to the following aspects of the proposed rule changes to 26 CFR Part 301.
- Consent for Disclosure of Tax Return Information Outside the United States
- Consent for Solicitation of Services by ìAny Personî
- Knowing, Informed and Voluntary Consent
Outside the United States
In recent years, advances in technology have led to outsourcing of all manner of customer financial transactions and account services. Driven by low-cost workers, large accounting firms and other tax preparers, like many other industries, contract with foreign companies. By most accounts, outsourcing for tax preparation has increased dramatically. The New York Times, for example, in a February 15, 2004, article, quoted one certified public accountant as saying: "The number of returns is four times larger than last year, and many more times the several thousand just two years ago."3
Risks to privacy and the inability of the individuals - and the government - to seek redress for privacy violations and data security breaches have been addressed by organizations such as the PRC,4 and in extensive press coverage, as well as a study by the Federal Deposit Insurance Corporation.5
To its credit, the IRS's proposed rule closes the loophole in the Gramm-Leach-Bliley Act that requires neither notice nor consent before sensitive customer data is transmitted to foreign "service providers." In written comments and public hearings the agency will doubtless hear appeals from companies that outsource tax preparation seeking to modify or eliminate required consent. We urge the agency not to be swayed by these arguments. The agency must persist in putting privacy and security above corporate profits.
The proposed rules remove previous restrictions on sharing information outside an "affiliated group" for marketing. If adopted, tax return preparers may seek consent to furnish tax return information to ìany personî to solicit the taxpayer to purchase other products or services. In addition, the proposal allows that an entire tax return may be disclosed for marketing purposes. The privacy implications of this proposal are disturbing and far reaching.
To conduct most business, consumers may reveal only certain kinds of personal information. Tax return information, in contrast, can encompass nearly every aspect of a consumer's financial as well as personal life. Tax returns routinely include Social Security numbers, account numbers, investment successes - and failures - and even information about business or personal relationships gone sour. The marketing and profiling potential from such all-encompassing compilations of personal data is unlimited. Informed consent cannot be realistically obtained for all the potential uses if tax preparers are allowed to disclose information to "any person."
Consumers may ultimately sacrifice privacy in as yet untold ways. For example, a large corporate tax preparer that profits from the sale of tax return information to third-party solicitors may well afford to charge minimum fees for tax preparation. Small independent tax preparers that have no inclination to share information with outsiders may be forced to charge fees commensurate with the work involved solely in tax return preparation. If faced with a choice, some consumers, particularly those of modest means, may be forced to choose cost over privacy.
Another unfortunate byproduct of third-party sharing of tax return information could be that taxpayers are driven by cost considerations to large companies. This could easily prove the downfall of many independent preparers that may be more respectful of client privacy but that rely solely on income from tax preparation. This is not a result the IRS should encourage.
The IRS should abandon its proposal and specifically prohibit disclosures to third-party solicitors.
If the agency persists in removing barriers to third-party solicitations, the agency should place very stringent limitations on the practice. For example:
- Only identity information should be shared.
- Disclosures to third parties should be limited to solicitations for financial services or products.
- Preparers that provide information to third parties should be required to create an audit trail of all such disclosures.
- Third parties that receive tax return information should be prohibited from further disclosure of the information.
- Penalties for unauthorized disclosure or misuse of tax information should apply to third-party companies that receive information.
The proposed regulations are a great improvement over many other forms of notice and consent consumers now receive. For example, (1) notice of disclosures and use must be separate from all other documents, (2) the tax preparer may not condition services upon consent, and (3) consent must be obtained before information is disclosed.
We also agree with recommendations made by EPIC and NCLC addressing situations where time pressures and lack of English literacy may prevent taxpayers from reading consent forms. Thus, tax preparers must take extra steps to ensure that consent is informed and voluntary.
The IRS should also take steps to prohibit statements in the consent form implying that a taxpayer may be harmed by not giving consent. For example, consent forms should not include language such as, "By not consenting you may not learn about valuable offers." We have seen such statements included in privacy notices mandated by GLB. Some companies on the one hand give the required opt-out, but on the other hand include language to imply that opting out will have some adverse effect on the consumer. This should not be allowed in the tax preparers' consent forms.
To be fully informed, taxpayers should also be advised of the consequences of giving consent. For example, if a tax preparer seeks consent to the use of offshore tax preparation services, the consent form should clearly state that it is difficult ó or impossible ó for the United States Government to pursue an action against a tax preparer located outside the United States. Similarly, a tax preparer that seeks consumer consent to sell or share tax return information with a third-party non-affiliate should clearly advise the tax payer that information, once disclosed, is out of the tax preparer's control.
Again, we appreciate the opportunity to comment.
Beth Givens, Director
Tena Friery, Research Director
Privacy Rights Clearinghouse
3100 5 th Ave., Suite B
San Diego, CA 92103
1. The Privacy Rights Clearinghouse is a nonprofit consumer education and advocacy organization based in San Diego, CA, and established in 1992. The PRC advises consumers on a variety of informational privacy issues, including financial privacy, medical privacy and identity theft, through a series of fact sheets as well as individual counseling available via telephone and e-mail. It represents consumers' interests in legislative and regulatory proceedings on the state and federal levels. www.privacyrights.org 
4. Statement on Outsourcing and Privacy, Testimony of PRC Director Beth Givens before the California Senate Business and Professions Committee, March 9, 2004, www.privacyrights.org/ar/outsourcing-privacy.htm 
5. Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks, FDIC, June 2004, www.fdic.gov/regulations/examinations/offshore/