Data incident reporting

When your agency has a data incident, the agency has a number of responsibilities it must immediately carry out.

The agency must notify the Office of Safeguards by email to the Safeguards mailbox, safeguardreports@irs.gov.

To notify the Office of Safeguards, the agency must document the specifics of the incident known at that time into a data incident report, including, but not limited to:

  • Name of agency and agency Point of Contact information for resolving the data incident
  • Date and time the incident occurred
  • Date and time the incident was discovered
  • How the incident was discovered
  • Description of the incident and the data involved, including specific data elements, if known
  • Address where the incident occurred and information technology equipment involved (e.g., laptop, server, mainframe)

Reports must be sent electronically and encrypted via IRS-approved encryption techniques. Use the term "data incident report" in the subject line of the email. Do not include any FTI in the data incident report.

Even if all information is not available, immediate notification is the most important factor, not the completeness of the data incident report. Additional information must be provided to the Office of Safeguards as soon as it is available.

The agency will cooperate with TIGTA and Office of Safeguards investigators, providing data and access as needed to determine the facts and circumstances of the incident.
