The state has fired an Indiana printing company that mailed dozens of taxpayers in Brookline forms with their neighbors' Social Security numbers, a privacy breach that alarmed residents and hastened efforts to establish other safeguards to protect confidentiality.
The Department of Revenue, in a letter dated Tuesday, canceled the contract with Allison Payment Systems of Indianapolis, which received $235,000 a year to print and mail Estimated Income Tax coupon books to more than 411,000 taxpayers statewide.
"We take these matters very seriously, and that was a serious enough incident to terminate the contract," Joseph J. McDermott , the department's taxpayer advocate, said yesterday. He personally called the 45 taxpayers who mistakenly received their neighbors' Social Security numbers in late February and asked them to mail them back.
The department has replaced Allison, whose contract was to expire in August 2009, with Diversified Business Systems of Haverhill. In addition, McDermott said, the tax coupons that the new contractor plans to mail for 2008 and subsequent years will include only the last four numbers of the recipient's Social Security numbers as a safeguard.
The department had already been considering deleting the first five digits of Social Security numbers in such mailings to prevent misuse if coupons ended up in the wrong hands, McDermott said. But the February mix-up accelerated the effort.
Although the blunder was limited to the 02445 ZIP code in Brookline Village, two internal auditors who inspected Allison's automated operations after the breach concluded that the company "didn't have sufficient internal controls that we were expecting them to have," McDermott said.
J.P. Thomas , a spokesman for Allison, said yesterday that the state had the right to cancel a contract "on a failure, and there was a failure."
But he said Allison had worked for the Department of Revenue for more than seven years, during which it annually mailed about 700,000 tax forms, including the coupon books.
"That's roughly 45 errors over seven years," he said. "That's not bad."
Paul Stephens , a policy analyst for the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group in San Diego, said it is crucial that the state handles taxpayers' personal information properly.
The dismissal of Allison, he said, "sends out a warning to contractors and subcontractors that governments are taking privacy issues seriously."
The problem involved coupon books that Allison sent annually to taxpayers who must make quarterly estimated payments on taxes due on income not subject to withholding. Typically, such taxpayers are self-employed or receive income irregularly.
The books consist of several sheets of paper, including one sheet with the first coupon and a subsequent sheet with three more coupons, McDermott said. During a mix-up traced to the evening of Feb. 23, Allison assembled books with the correct information on the envelope and on the second page. But the third page bore the name and Social Security number of the next recipient scheduled to receive a mailing.
Thomas said the glitch happened after an automated machine jammed. The operator fixed the jam and restacked the machine with printed pages but failed to check to make sure they were in the right sequence.
Jonathan Saltzman can be reached at firstname.lastname@example.org