From Illinois News Network
Though there weren’t any reports of confidential information being compromised, Illinois’ Department of Revenue has weaknesses in physical and electronic safeguards to protect taxpayers’ data.
That’s according to a report from the Auditor General’s office published last week.
The report said there were inadequate security controls over a program the Department uses called GenTax. Some of the issues included 43 percent of tested former employees not being deactivated from the system in a timely manner.
In one instance there was nearly 970 days from when someone separated employment with the department and was deactivated from the system. Nearly one-in-ten tested individuals using the system didn’t have properly documented background checks but had administrative access.
Plus there was no explanation for why 88 percent of other tested individuals had access to the GenTax program and data.
The Auditor General says the Department acknowledged they have a process to remove individual’s access to GenTax but don’t have actual documentation on file explaining the process. There were also outdated contingency plans that had not been tested to timely recovery applications and data.
The report says Revenue personnel continue to make improvements including working with a security consultant, but lax controls could jeapordize taxpayers’ information and lead to identity theft.