The IRS is serious about identity theft, and wants tax professionals and their clients to be also. In IR-2015-129 [11/19/15], the IRS announced its “Taxes. Security. Together.” campaign. The educational campaign, represents a collective effort of the IRS, the states, and the tax industry. The IRS encourages all of us to: (1) use security software to protect our computers, including a firewall and anti-virus protection; also, if tax returns are stored on computers, files should be encrypted, and strong passwords used; (2) beware of phishing emails and phone scams; and, (3) protect personal information, e.g., by not routinely carrying one’s social security numbers, shredding old tax returns that are disposed of, checking credit reports and social security administration accounts at least annually, and not oversharing on social media. The IRS notes that for the 2016 filing season, there will be new standards for logging onto all tax software products, e.g, minimum password requirements, new security questions, and standard lockout features. The software industry will provide more than 20 additional elements from the tax return submission to the IRS and, in turn, to the states to help identify fraudulent returns. The IRS notes in the release that since 2013 nearly 2,000 identity thieves have been convicted, with the average sentence for those convicted running well over 3 years. In fact sheet FS-2016-3 [January 2016], the IRS outlines very specific procedures that will apply if the taxpayer tells the IRS he or she may be a tax-related identity theft victim, or the IRS tells the taxpayer that a suspicious return has been received with the taxpayer’s name on it. If the taxpayer’s e-filed return is rejected because of a duplicate tax filing with the taxpayer’s social security number, the IRS advises the taxpayer to complete Form 14039, complete a paper return, and file the paper return with Form 14039. Its “Identity Theft Victim Assistance” organization will specifically work the taxpayer’s case. Generally, the case is resolved within 120 days, with complex cases taking 180 days or longer. If the taxpayer is notified by the IRS about a suspicious return filed with the taxpayer’s name on it, the taxpayer will be asked to verify his or her identity at IDVerify.irs.gov. In IR-2016-12 [2/1/16], the IRS highlights that identity theft is the first scam listed in its most recent annual “Dirty Dozen” list of tax scams to avoid. The IRS also has published IRS Publications 4524 (covering its “Taxes.Security.Together.” campaign) and 4557 (giving very detailed procedures for tax professionals and their clients to follow to safeguard taxpayer data). Checklists included in Publication 4557 include administrative activities, facilities security, personnel security, information systems security, media security, and certifying information systems for use. Also, reporting incidents, laws and regulations, and standards and best practices are included in Publication 4557.