Secure-File-Sharing, and setting up unique id/password for each taxpayer.

[porteusconf]

Our security policy should specify exactly the software we use for secure file sharing, and how passwords/identifiers are shared, which should never be by email. Links to shared files should not be sent by email unless the shared file is protected by a password that is NOT sent by email.

This enables us to follow instructions in Publication 4299 (Rev. 10-2020) under topic "Sharing Taxpayer Information Through Virtual VITA/TCE Channels" Below is quoted subsection on email from page 5.

Email:

• Permitted. Both parties should consider using a supplemental program that secures the message with a password.
• There are several software programs available for download for both partners and taxpayers. Note that although some programs are free, there are others that may charge a fee.
• Before emailing information to taxpayers, the volunteer and taxpayer should agree on unique passwords/identifiers to ensure the secure transmission of information between parties.

We can probably assume that by unique the IRS means each taxpayer has a different id/password for secure file-sharing.

• Volunteers should not use a public computer to send email.
• Sensitive email messages should be deleted from the computer and/or server once they are no longer needed.
  ...
  File Sharing Program:
• Permitted to share information.
• Partners have a requirement to use a program that maintains minimally–acceptable levels of security (user authentication with password, 128-bit encryption, and audit trail capability) so that user activities be monitored. Partners are required to ensure all taxpayer data is encrypted prior to uploading and downloading in file sharing programs. There may be a partner cost involved.
• Ensure that information is deleted from file sharing programs when completed.