Treasury Inspector General for Tax Administration (TIGTA), Efforts Have Been Made, but Manager and Employee Noncompliance With Security Policies and Procedures Puts Personally Identifiable Information at Risk, issued August 13, 2007: “…The IRS has taken several noteworthy actions to protect taxpayer data in its possession. For example, it has established a Security Services and Privacy Executive Steering Committee to serve as the primary governance body for all matters relating to security and privacy issues in the IRS. In addition, it has made steady progress each year in complying with the requirements of the Federal Information Security Management Act. However, TIGTA reviews during Fiscal Years 2003 to 2007 have identified persistent computer security weaknesses that jeopardize the security of personally identifiable information. TIGTA continues to find that employees are not aware of the security risks inherent in their positions. For example, TIGTA reviews found that employees did not sufficiently safeguard laptop computers and did not encrypt data on the computers; were susceptible to social engineering techniques that hackers could use to gain access to their systems; and ignored IRS policies on the use of email, which increased security vulnerabilities.”