S-4752-119
Read twice and referred to the Committee on Finance.
Sponsored by Steve Daines (R-MT)
What it does
This bill would raise criminal fines for unauthorized disclosure of taxpayer information from $5,000 to $250,000 and extend the maximum prison sentence from 5 to 7 years. It would also create a new felony offense for IRS contractors that willfully fail to maintain required data safeguards, with fines of at least $500,000 or 25% of their total IRS contract value — whichever is greater. Additionally, it would increase the minimum civil damages a taxpayer can recover from $1,000 to $5,000 per unauthorized disclosure.
Who benefits
All U.S. taxpayers whose returns and financial data are held by the IRS — roughly 150 million individual filers — would gain stronger legal protections. Taxpayers whose data is unlawfully disclosed would receive higher civil damages. Whistleblowers and privacy advocates who have pushed for stronger enforcement would see their goals advanced. Competing technology and data firms that already maintain strong security practices would face less disadvantage relative to contractors with lax standards.
Who is hurt
IRS contractors and third-party vendors handling taxpayer data would face substantially higher financial and criminal exposure, potentially raising their compliance and insurance costs. Smaller contractors with limited resources may find it harder to absorb the risk of large fines, potentially reducing competition for IRS contracts. Taxpayers and the federal government could indirectly bear higher contract costs if vendors price in the increased liability. Current IRS employees and officials who handle returns would also face steeper criminal penalties for violations.
Supporters argue
Supporters argue that the existing $5,000 criminal fine — unchanged since 1976 — has lost virtually all deterrent value due to inflation and is grossly inadequate given the sensitivity of tax return data, which includes Social Security numbers, income, and financial account details. They contend that high-profile data breaches, including the 2021 leak of wealthy taxpayers' returns, demonstrate that current penalties fail to deter misconduct by both government insiders and contractors, and that raising civil damages to $5,000 gives harmed taxpayers a meaningful remedy rather than a nominal one.
Opponents argue
Opponents argue that dramatically increasing penalties does not address the structural and technical vulnerabilities that enable data breaches in the first place, and that resources would be better directed toward IRS cybersecurity infrastructure upgrades. They contend that the contractor fine structure — up to 25% of total contract value — could be disproportionate for large multi-year contracts where a single employee's misconduct triggers liability, potentially chilling contractor participation and reducing the IRS's ability to modernize its systems through outside vendors.