Skip to Main Content View Text-Only

The City of Portland, Oregon

Office of Management & Finance

Revenue Division

Arts Tax: 503-865-4278

Business Taxes: 503-823-5157

111 SW Columbia St, Suite 600, Portland, OR 97201

More Contact Info

UNAX/Disclosure Awareness Training

UNAX/Disclosure Awareness Training

Why are you taking this training?

The IRS requires annual federal tax information (FTI) training, including:

  • What FTI is
  • How to keep FTI confidential and meet IRS requirements
  • Civil and criminal penalties are for the misuse of FTI

To receive FTI from the IRS, Revenue must build effective security controls into processes, rules and systems to protect FTI from the time the Division gets FTI until it's destroyed. This training is one part of those security controls

If you have access to FTI or support the FTI environment, this training provides a stepping stone toward certifying your access

Even if you don’t have access you need to understand what FTI is and what to do if you come into contact with it

Everyone protects FTI - not just people with access.

Return to Top

What is federal tax information (FTI)?

FTI is information received directly from the IRS, and includes:

  • Returns: any tax or information return (paper or electronic), estimated tax declaration, or refund claim (e.g., 1040, 941, 1120, and other informational forms, such as 1099 or W-2. Forms include supporting schedules, attachments, or lists that are supplemental to or part of such a return); and
  • Return information: any information collected or generated by the IRS with regard to any person’s liability or possible liability, including but not limited to:
    1. Information, including a return, that the IRS obtained that relates to the potential liability of any person under the law for any tax, penalty, interest, fine, forfeiture, or other imposition or offense
    2. Information extracted from a return, including names of dependents or business address
    3. Taxpayer’s name, address and identification number
    4. Information collected by the IRS about any person’s tax affairs, even if identifiers, such as name, address, and identification number are deleted
    5. Status of whether a return was filed, under examination, or subject to other investigation or processing, including collection activities
    6. Information contained on transcripts of accounts

Return to Top

What FTI is not

  • FTI does not include information provided directly by the taxpayer or third parties
  • Taxpayers, vendors, businesses and other organizations do not send FTI to the Revenue Division
  • FTI is not information received from the taxpayer
  • FTI is not in BLIS, Arts or other City tax-related applications
  • FTI is not copies of tax returns and supporting documents provided to the Revenue Division with tax return 

Return to Top

Disclosure of FTI

Return to Top

Restricted Area

  • All FTI-related work happens in the Restricted Area
  • The Restricted Area has a large sign posted on the door. This sign also describes the penalties for unauthorized access
  • Only people on the Authorized Access List (people with a business need-to-know) have badge access to the Restricted Area. Entry into the area is monitored and is prohibited to any individuals that do not have said access
  • People with a regular need to enter the area for technical support are on an authorization list for non-agency personnel. These people do not have badge access and  must be escorted into the Restricted Area by someone on the Authorized Access List
  • All other people are considered guests and arrangements need to be made with the IRS Liaison, Tax Manager, or SET Tax Supervisor before entry into the Restricted Area

Return to Top

Need-to-Know

  • Limiting access to people on a need-to-know basis reduces opportunities to “browse” or improperly view FTI
  • Restricting access to designated personnel minimizes improper access or disclosure
  • Under need-to-know restrictions, even if someone has the authority to access FTI, the person should only exercise that authority if it's necessary to complete his or her official duties

Return to Top

Authorized Access List: Revenue People with Need-to-Know 

These are the only people with need-to-know allowed to enter the Restricted Area unescorted:

  • Seth Kabala, IRS Liaison and Disclosure Officer
  • Scott Karter, Audit & Accounting Division Manager - Back-up IRS Liaison
  • Tyler Wallace, Tax Division Manager
  • Din Belderrain, Auditor
  • Jason McKay, Auditor
  • Adrienne Brown-Dunn, Tax Supervisor: Special Enforcement Team
  • Huitzi Rios-Martinez, Tax Specialist (SET)
  • Roger Koppy, Tax Specialist (SET)
  • Thomas Carrasco, Tax Specialist (SET)
  • Jamari Carter, Tax Specialist (SET)
  • Joe Williams, Senior Business Systems Analyst
  • Kelly Jones-Weir, Senior Business Systems Analyst
  • Kita Fraser, Assistant Business Systems Analyst

Return to Top

Need and Use

  • Revenue's FTI uses are limited per IRC 6103 and other requirements and described in Revenue’s agreements with the IRS
  • Prohibited activities: ad hoc queries from staff, requests for information, BSA requests, and requesting to view particular tax records (including your own)
  • All requests to explore a particular group of Arts or BLIS accounts must go directly to Tyler Wallace. Tyler and Seth will decide whether the request is compliant with existing IRS agreements. If it is not compliant, then Tyler and Seth determine whether to request a change to Revenue's IRS agreement
  • Accepted FTI requests will go through the FTI work process flow
  • Requestors may not discuss requests with authorized FTI staff. Requestors won't be provided with more information about the request (e.g., status updates)

Return to Top

Why won’t FTI be in BLIS or Arts?

  • Due to disclosure restrictions, computer requirements and comingling restrictions it is impractical to add FTI to BLIS or Arts at this time
  • FTI does not lose its character until it's verified by a third-party (e.g., taxpayer). To put FTI in our existing information system applications, our business processes would be subject to all IRS requirements, including computer systems and system behaviors, a more restrictive clean desk policy and other security requirements 

Return to Top

Unauthorized Access and Disclosure

  • Unauthorized disclosure happens when FTI is given to someone who does not have the legal right to have access and a need-to-know
  • Unauthorized access occurs when an entity or person receives or has access to FTI without authority. Access to FTI is permitted only to people who need the FTI to do their official duties and as authorized under the IRC. FTI must never be indiscriminately disseminated, even within the recipient agency
  • Be aware that you cannot access or disclose FTI unless the access or disclosure is authorized by law
  • Unauthorized access or disclosure could subject you to criminal penalties or civil liability

Return to Top

Criminal Penalties for Misuse

Unauthorized disclosure: IRC 7213

  • Willful unauthorized disclosure of returns or return information by an employee or former employee is a FELONY. The penalty can be a FINE of up to $5,000, or up to five (5) years imprisonment, or BOTH, PLUS the cost of prosecution.

Unauthorized inspection (UNAX): IRC 7213A

  • Willful unauthorized access or inspection (UNAX) of taxpayer records by an employee or former employee is a MISDEMEANOR. This applies to both paper documents and electronic information. The penalty can be a FINE of up to $1,000 and/or up to one (1) year imprisonment, plus the cost of prosecution.

Return to Top

Civil Penalties for Misuse

Negligent inspection or disclosure: IRC 6103 and IRC 7431

  • A taxpayer whose return or return information has been knowingly or negligently inspected or disclosed by an entity may seek civil damages
  • A taxpayer may initiate action in district court for damages where there is unauthorized inspection or disclosure. The taxpayer may receive damages of $1,000 for each unrestricted access or disclosure, or actual damages, whichever is greater PLUS punitive damages (in case of willful or gross negligence),and
  • The cost of the action (court costs)

Return to Top

Summary of Penalties

IRC Section 7213

  • Felony
  • Up to $5,000 fine
  • Imprisonment up to 5 years
  • Cost of prosecution
  • Damages (see IRC 7431)

IRC Section 7213A

  • Misdemeanor
  • Up to $1,000 fine
  • Imprisonment up to 1 year
  • Cost of prosecution
  • Damages (see IRC 7431)

IRC Section 7431
(Damages may include)

  • $1,000 per act
  • Actual damages
  • Punitive damage
  • Cost of legal action
  • Attorney fees

Penalties after employment

  • Even after you are no longer employed by Revenue (or working as a service provider, project manager, contractor, etc.) you are still responsible for maintaining the confidentiality of the information you had access to during your employment
  • Fines and penalties still apply to you as a former employee or contractor

Return to Top

Wow! That sounds really serious. If I'm not supposed to see it, then why are you telling me?

  • It is really serious
  • The IRS wants you to understand what's at stake
  • Knowing what FTI is, what it looks like, and how it's handled helps protect the information 
  • You also must report activities that are different from Division policy or information in this training 
  • If you see something strange, it's your duty to report it!

Return to Top

How will I know it’s FTI?

  • Any document or computer system (including system hardware) containing FTI must be labeled to show it as Federal Tax Information
  • Unless you are on the Authorized Access List, you should not come into contact with FTI, but it is important to be able to identify it should it accidentally be found outside the Restricted Area
  • FTI must be handled in a special way to protect it from becoming misplaced or made available to unauthorized individuals 

Return to Top

Secure Storage of FTI

FTI must be stored within the Restricted Area, where no one, other than employees authorized to work with FTI may have access

Examples:

  • During business hours, BTS may be required to do maintenance within the Restricted Area. BTS can do their work as long as a Revenue Division escort from the Authorized Access List is always present 
  • Cleaning crews, building maintenance, and the landlord are not allowed in the Restricted Area without a Revenue Division escort from the Authorized Access List (during business hours or at night)

Return to Top

Protecting FTI

To meet the minimum IRS protection standards, Revenue Division must enforce a Secure Work Area as defined by RB-6, Workplace Access

The Workplace Access policy is being updated due to numerous City employees moving to Columbia Square. Portions of the Secure Work Area, such as the break room, will become Common Areas.

Badges

  • Employees must always wear ID badges above the waist  
  • If you lose your badge, notify the Administrative Assistant within 3 days
  • If you have FTI access and lose your badge, notify Seth and the Administrative Assistant immediately

Visitors

  • Sign in and out using the iPad at the Front Counter or back door
  • Wear a visitor badge (all visitors) and be escorted while visiting an office (red badge)
  • Visitors entering the Restricted Area have more requirements and need to check in with the IRS Liaison before entering the Restricted Area

Protect all confidential information: Remember your Security Awareness Training

To protect FTI, practice all of the above, plus:

  • Label and lock up files, notes and documentation containing FTI when not in use
  • FTI only leaves the Restricted Area under certain circumstances
  • FTI should never be left unattended 
  • FTI should never be left outside the Restricted Area

Return to Top

FTI Record Keeping 

  • FTI is tracked and monitored from the time it is received until it is destroyed or returned to the IRS
  • The IRS also requires monitoring physical and IT security, including visitor and door logs, changes to the IT environment, incidents, inspections, and other reporting as required by the IRS

Return to Top

Printing FTI

  • Due to the record keeping and data protection requirements, printing FTI is discouraged unless absolutely necessary
  • There must be a business need for printing FTI
  • FTI must be clearly labeled (using FTI paper)
  • After printing, FTI must be tracked, including who has access and when and how it was destroyed

Return to Top

Mailing FTI

  • Sent in two sealed envelopes, one inside the other
  • Letter must be addressed to the person authorized to receive it
  • FTI must be documented on a transmittal form and tracked

Return to Top

Paper Destruction

  • All paper must be destroyed using an IRS-approved method such as shredding, pulping (after shredding), or burning
  • Disposal is also logged

Return to Top

Computer Security

  • All computer actions are logged and monitored
  • The IRS has very specific computer settings and will come to inspect and audit settings to make sure they meet requirements
  • System settings need checking after an upgrade or system change to make sure the upgrade did not create a security vulnerability
  • All system changes and updates must be logged and follow standard change control methodologies
  • Issues are tracked on the Plan of Action & Milestones through resolution
  • Developers, BSAs and BTS employees are held to the same standards as other employees with regard to access and disclosure

Return to Top

Emailing and FAXing FTI

  • Emailing and/or FAXing FTI are prohibited

Return to Top

Unauthorized Technologies

  • FTI cannot be processed electronically outside the Restricted Area
  • FTI is not allowed in BLIS, Arts or other City applications or systems
  • Additionally, FTI cannot be used with other technologies, such as cameras, tablets, cell phones, via remote access, discussed on an Avaya (VOIP) phone, transmitted wirelessly or to the cloud, or used on multi-functional devices (e.g., a printer that also serves as a scanner and FAX machine)

Return to Top

FTI Electronic Destruction

All FTI must be destroyed using an approved IRS destruction method

Return to Top

What if I see something weird? Incidents: Strange/unusual events 

  • It's your responsibility to respond to incidents
  • Anyone who thinks they have seen or received information about a possible disclosure or unauthorized access of FTI must immediately tell the Revenue Division IRS Liaison and a supervisor or manager
  • It's OK to interrupt the IRS Liaison 
  • It could be something as simple as seeing an electrician enter the Restricted Area without an escort. 
  • The IRS Liaison will ask you to give as much detail as possible about the incident possible and will investigate with the right managers and professionals.
  • The Revenue IRS Liaison reports all incidents involving FTI to the IRS Regional Inspector or the Treasury Inspector General for Tax Administration (TIGTA)

Sample incidents

  • FTI on the FAX machine 
  • FTI in a conference room
  • FTI in a shred bin
  • FTI on a desk
  • FTI entered into BLIS or ARTS
  • Someone showing FTI to a friend or colleague
  • People talking about FTI accounts / FTI taxpayers (by name) in the hallway

Return to Top