Action Alert: IRS Reporting Proposal Threatens Donor, Nonprofit Security

Action Alert: IRS Reporting Proposal Threatens Donor, Nonprofit Security


Ann Saxton, Vice President

The IRS is asking for comments on its proposal of a new, voluntary reporting regime that calls on nonprofits to collect, store, and report donors' Social Security numbers, along with the amount of donations and other information, by December 16. The proposed regulations would give nonprofits the option of filing a separate new information return with the IRS and individual donors by February 28 every year to substantiate contributions of more than $250 in value. A similar mandatory proposal was considered and rejected in the past based on numerous legal, policy and confidentiality problems it raised. 

This should concern foundations and the general public for a number of reasons. Tim Delaney, president and CEO of the National Council of Nonprofits, explains in a recent blog post:

  • Opens the door to scam artists. The public is consistently warned by state attorneys general ("Never give out personal information, such as your ... Social Security number"), the Social Security Administration ("your number is confidential"), and many other experts — including the IRS itself — to provide their Social Security number only when "absolutely necessary." At minimum, this IRS proposal injects a contrary message that will confuse the public. Even without adoption by any nonprofit, a scammer could call a donor purporting to be with a (receiving) nonprofit and request the donor’s social security number in order to send a form confirming their contribution for use in case of audit.
  • Nonprofits could be targeted by hackers and be made liable. Media stories the past few years have revealed massive security breaches with hackers stealing the Social Security numbers of more than 22 million people from the federal Office of Personnel Management, as well as penetrating the CIAState Department, and even the White House. The federal government has sunk billions of dollars and has hundreds, if not thousands, of people dedicated to keeping government information secure. And yet, its systems were hacked. Nonprofits have neither the financial resources nor sufficient staffing to combat hackers who will see an easy source for Social Security information. This also creates a liability nightmare for innocent nonprofits. In an interview last week with The Chronicle of Philanthropy, Janet Kleinfelter, Tennessee's Deputy Attorney General and President of the National Association of State Charity Officials (NASCO), noted that if nonprofits collected Social Security numbers and that information were to be breached by hackers, "as a regulator, I would look at that as a breach of fiduciary duty."
  • Giving will suffer, which means our communities suffer. Most people are cautious about the information they share online, and rightfully so. To be asked to share their address, their credit card number and their Social Security number all in the same place would be enough to scare even the most committed donor to decline to give. As much as they may want to support good works in their community, it wouldn't justify taking the risk of their identity being stolen using the ease of online giving. For private foundations, the new regulation could result in replacement pressure, as foundations would be depended on to offset reduced individual donated funds; it would also be a drag on resources as each of their grantees may seek their Taxpayer Identification Numbers (in lieu of Social Security numbers).

What can you do?

The IRS is asking for comments on the proposal by December 16.  To submit comments please go to the IRS website — and let your board members, funders and donors know to submit their concerns, too.

What should be included in your comments?

The National Council of Nonprofits compiled some talking points:

  • A charitable nonprofit should never be asking a donor for her or his Social Security number when soliciting donations. If someone is asking in relation to a donation, that should be considered a sign of a scam or fraudulent solicitation.
  • The proposed Donee Reporting Rule conflicts with the IRS advice to taxpayers to only give out their Social Security numbers when “absolutely necessary.”
  • Taxpayers may reduce giving because they are reluctant to provide Social Security numbers to charities given concerns over identity theft.
  • The current contemporaneous written acknowledgement system is working.
  • Just because the proposal is voluntary now is no reason to ignore its potential adverse impacts.

Also be sure to include basic information about your organization. As a funder you may also want to mention your concern for your grantees.

Is this lobbying?

NO. Comments on regulations are not considered lobbying by the IRS.

Ann Saxton is Philanthropy Northwest's vice president.


Submitted by Scott Hayman (not verified) on Mon, 12/14/2015 - 9:32am

I took your advice and transmitted my opposition to the rule this morning (12/14/2015).