When should donors provide their Social Security number to a nonprofit? Common wisdom and universal advice from endless sources say "never." But a dangerous new proposal from the IRS would change the answer to an iffy, "it depends," confusing the public, stifling donations for charitable works, and opening the floodgates to fraudsters.
I'll get to how the proposal will hurt nonprofits and the communities we serve in a minute (and a deeper analysis can be found on the National Council of Nonprofits' website). But first, I urge every nonprofit, every board member, every funder, and every person who has donated to a nonprofit to learn more about this proposal and to tell the IRS why this proposal is harmful. Submitting your views electronically is easy. It's quick. And it doesn't require being a registered lobbyist. Indeed, the IRS is actually asking for your feedback. Every comment, short or long, counts to stop this proposal before any damage can be done. Be sure to let the IRS hear from you before the December 16 deadline.
So, what's the big deal? The IRS is proposing a new, voluntary reporting regime that calls on nonprofits to collect, store, and report donors' Social Security numbers along with the amount of donations and other information. The IRS says the proposed new informational tax return is purely optional and expects very few nonprofits to actually fill it out. So, why should the public care? Here are three good reasons:
1. Opens the door to scam artists
The public is consistently warned by state Attorneys General ("Never give out personal information, such as your ... social security number"), the Social Security Administration ("your number is confidential"), and many other experts - including the IRS itself - to provide their Social Security number only when "absolutely necessary." At minimum, the IRS's proposal injects a contrary message that will confuse the public.
But worse, the IRS proposal would open the door for scam artists, even if not a single nonprofit in the country adopts the "voluntary" reporting system. Imposters' phone scripts will go something like this: "Hi, I'm Sally and I'm working with several nonprofits here in [insert city] to make sure that generous donors like you get full credit for your wonderful contributions. The nonprofits asked me to thank you for your generosity and confirm your name and address [insert here]. Also, the IRS has a new regulation [insert number] that nonprofits need your Social Security number so we can send you a form confirming your contribution in case you get audited. What's your Social Security number so we can send you the form?"
Some may argue that the proposed regulation wouldn't require nonprofits to collect the Social Security numbers. To that we say, fraudsters lie; it's in their job description. The IRS shouldn't help them by creating confusion - especially when the IRS's own proposal admits that it has received only a "few requests" to set up this alternative reporting regime and the current "system works effectively."
2. Nonprofits will be targeted by hackers
Media stories the past few years have revealed massive security breaches with hackers stealing the Social Security numbers of more than 22 million people from the federal Office of Personnel Management, as well as penetrating the CIA, State Department, and even the White House. The federal government has sunk billions of dollars and has hundreds, if not thousands, of people dedicated to keeping government information secure. And yet, its systems were hacked. Nonprofits have neither the financial resources nor sufficient staffing to combat hackers who will see an easy source for Social Security information.
This also creates a liability nightmare for innocent nonprofits. In an interview last week with The Chronicle of Philanthropy, Janet Kleinfelter, Tennessee's Deputy Attorney General and President of the National Association of State Charity Officials (NASCO), noted that if nonprofits collected Social Security numbers and that information were to be breached by hackers, "as a regulator, I would look at that as a breach of fiduciary duty."
3. Giving will suffer, which means our communities suffer
Most people are cautious about the information they share online, and rightfully so. Many are hesitant to provide even generic demographic or location information when making a donation. To be asked to share their address, their credit card number, and their Social Security number all in the same place would be enough to scare even the most committed donor to decline to give. As much as they may want to support good works in their community, it wouldn't justify taking the risk of their identity being stolen using the ease of online giving. Moreover, it will create a chilling effect for donors using checks, suddenly leery of making a contribution for fear that they will be asked to hand over their identities in the form of their private Social Security numbers.
But this isn't about the nonprofits, it's about the people that nonprofit serves. Every donation not given means another senior who won't receive a meal, a child who won't receive life-saving medical care, another animal without a home, and much more.
We can all help prevent this damage by taking just a few minutes to tell the IRS what the proposal would mean for your nonprofit - and let your board members, funders, and donors know to submit their concerns, too. Remind the IRS what we already know: that "never" is the better answer to protect nonprofits' work and our donors' identities.