UPDATE 1/7/16: The proposed regulations have wisely been withdrawn.
The Treasury Department and IRS are soliciting comments through December 16 regarding the recently proposed rule that would provide donors with another way to substantiate their contributions of $250 or more but at the cost of imposing significant new risks on charities and donors. The new way to substantiate charitable contributions would require charities to, among other things: (1) collect a donor’s social security number, which would trigger a number of privacy laws designed to prevent identity theft, and (2) file a new form of information return with the IRS.
Why the Proposed Regulation?
The likely intent of the proposed rule is to help prevent the situation where donors of $250 or more fail to obtain or maintain an appropriate and timely gift receipt (technically termed a contemporaneous written acknowledgement) from a charity and subsequently have their charitable contribution deductions denied. The burden is currently on the donor to get the appropriate and timely gift receipt to allow for the deduction. Such rule was adopted to help prevent fraudulent claims of large charitable contributions but has resulted at times in denials of deductions for legitimate charitable contributions merely for the fact of poor recordkeeping.
In the past, some donors who failed to obtain a a contemporaneous written acknowledgement had the charity donee amend its Form 990 to reflect the donation. They argued that such amended Form 990 would be sufficient to serve as the substantiation required to support a charitable contribution deduction. However, according to Accounting Today:
“The IRS has consistently maintained that an alternative substantiation method is not available until regulations are in place prescribing the method for charities to do this,” said the IRS statement. “The Treasury Department and the IRS have concluded that the Form 990 is an unsuitable reporting method for this purpose. The purpose of these regulations is to consider appropriate alternatives to amended Forms 990.”
The Likely Impact
While the new proposed rule allows, but does not require, a charity to file the new information return, its likely impact will be to shift the burden to many charities to substantiate donors’ contributions (and potentially be liable for failing to do so properly) in something like a 1099 reporting regime. It would be difficult for charities to deny their donors’ requests for accepting the transfer of such burden without jeopardizing their donor relations. But before accepting such responsibility, charities would be well advised to develop appropriate risk management, document management, and cyber security systems, with knowledge of the risks and pitfalls associated with collecting donor data, including social security numbers.
What Can You Do?
Rather than developing appropriate systems to manage donors’ personally identifiable information, charitable organizations can first choose to let the Treasury Department and IRS know that the rule, if promulgated, will harm them and the nonprofit sector. Note that taking such action is an acceptable activity for public charities and private foundations and is not considered lobbying. Consider signing the letter in opposition to the proposed rule provided by the National Council of Nonprofits and Independent Sector here. The following is an excerpt from the form letter:
We submit this joint letter to demonstrate our universal opposition based on the following common concerns:
- Protecting the Public Should be the Highest Priority: Like other law enforcement agencies, the IRS has consistently warned individuals to give out their Social Security numbers only when “absolutely necessary.” A charitable nonprofit should never be asking a donor for her or his Social Security number when soliciting donations. If someone is asking in relation to a donation, that should be considered a sign of a scam or fraudulent solicitation and reported to appropriate law-enforcement authorities. The proposed donee gift form, if utilized, would require nonprofits to ask donors to give out their Social Security numbers when it is not absolutely necessary. This conflicting message from the IRS is certain to confuse the public and result in fraud.
- Administrative Burdens and Fiduciary Duties: Collection, storage, and reporting of Social Security numbers to the IRS is a costly additional endeavor that can impose significant risks on entities that are hacked. To protect sensitive donor information, nonprofits would have to divert resources from mission to purchase expensive data security systems that have no guarantee of protecting the public. Nonprofits that collect Social Security numbers and improperly protect the data could be subjecting themselves and their board members to lawsuits asserting a breach of fiduciary duty.
- Disincentive for Donor Support: In 2009, the Government Accountability Office reviewed a proposal similar to the current draft regulation and found that “[t]axpayers may reduce giving because they are reluctant to provide Social Security numbers to charities given concerns over identity theft.” This consequence of reduced support for charitable works in communities was considered unacceptable then and remains a risk that cannot be countenanced today.
More About the Proposed Rule
The National Council of Nonprofits provides an excellent and detailed summary of the proposed rule and its opposition to its promulgation here. The Council’s president and CEO Tim Delaney provides further commentary in this HuffPost Impact post. This is a bad and unnecessary rule, and those in Treasury and the IRS pushing for the regulation (I’ve overheard some key officials most familiar with the sector are opposed) seemed not to have adequately considered all of the adverse consequences that would likely result.
More on Social Security Numbers
The federal government’s Social Security website advises: “Organizations should avoid using Social Security numbers (SSNs) as identifiers for any type of transaction.” It further provides: “Organizations that maintain SSNs in their system of records should consider encryption of this data.” Here’s why:
Identity theft is one of the fastest growing crimes in American society. The routine and often indiscriminate use of SSNs as identifiers creates opportunities for individuals to inappropriately obtain personal information. Repetitive use and disclosure of SSNs in organizational record keeping systems, multiplies the susceptibility of persons to potential identity theft. Through misuse of SSNs, individuals are subject to the danger of identity theft and its repercussions. Access to an individual’s SSN can enable an identity thief to obtain information that can result in significant financial difficulties for the victim. While this can be disruptive for the individual, it can also lead to civil liability for the organization and its individual employees if someone is harmed by information that has been made available to others.
What You Risk When Your Social Security Number Is Hacked (Wall Street Journal)
Data Privacy and Cyber Liability: What You Don’t Know Puts Your Mission at Risk (Nonprofit Risk Management Center)
Protecting Personal Information: A Guide for Business (Federal Trade Commission)