The IRS has 1,124 known data-sharing agreements with outside organizations that receive federal tax information. The problem is the IRS couldn’t readily identify all of its agreements or contracts because the agency doesn’t have a centralized database, according to a Treasury Inspector General for Tax Administration report.
TIGTA conducted its review in response to congressional interest regarding what external organizations, such as Immigration and Customs Enforcement, have access to FTI. Section 6103 of the Internal Revenue Code allows certain limited disclosures of FTI to aid in tax administration and for other legal purposes, TIGTA noted.
The IRS watchdog found that the vast majority of these agreements assist state and local governments with tax administration. All U.S. states and territories have agreements, with Ohio having the most (42) and Nevada having the least (four).

But TIGTA also found that as of March 2026, the IRS’s Privacy, Governmental Liaison and Disclosure division—which is responsible for Section 6103-related agreements with government agencies—wasn’t aware of all data-sharing agreements that other IRS business units initiated and developed.
According to the report, PGLD tracked 1,094 (97%) of the 1,124 agreements in its Governmental Liaison Agreement Library. However, individual IRS business units provided 30 additional data-sharing agreements with government and nongovernment agencies that should have been included in the GL Agreement Library but weren’t. These data-sharing agreements consisted of memorandums of understanding and interface control documents, the report says.
The Office of the Chief Procurement Officer is responsible for awarding contracts that provide for the sharing of FTI with nongovernment organizations, but according to TIGTA, the OCPO doesn’t have a method to readily identify contracts that allow nongovernment organizations to receive FTI.
In addition, the IRS Office of Information Technology identified 27 contracts that involved the sharing of FTI. These contracts represent a wide variety of IRS operational support, such as the scanning of FTI at contractor facilities, TIGTA says.
During TIGTA’s review, the IRS admitted that it doesn’t have a centralized database identifying all agreements with organizations that receive FTI.
“Our nation’s tax system is based on voluntary compliance and a high degree of confidence that personal and financial information furnished to the IRS is protected against unauthorized use, inspection, or disclosure,” the report says. “The IRS is responsible for ensuring that I.R.C. § 6103 legal restrictions are enforced when sharing FTI with external organizations.”
TIGTA recommended that the IRS’s chief privacy officer and the chief procurement officer coordinate to establish a centralized database to store information on all data-sharing agreements and contracts. TIGTA also recommended that the chief privacy officer remind all IRS business units to engage with the PGLD when developing FTI data-sharing agreements with government agencies. In addition, the report recommends that the chief procurement officer develop a process to readily identify all contracts with external organizations that involve the sharing of FTI.
The IRS agreed with all of the recommendations, TIGTA said.
“The IRS remains committed to protecting Federal Tax Information,” John Walker, acting chief privacy officer at the IRS, wrote in response to the report. “The IRS will strengthen the process to readily identify all active data-sharing agreements and contracts containing FTI.”
Photo credit: Sean Lee/Unsplash
Sign in to get access to this free resource, and all of our whitepapers and reports.
Download this content today!
Register Now Already registered? Click here to Log In
Tags: IRS, state and local governments, Taxes, TIGTA