As someone who works in the field (government not journalism) with similar data (not IRS data) and has watched others have to implement various privacy laws (including the same federal ones the IRS has to follow on the matter), there are also requirements on the minimum number of data-points when releasing information.
For instance, an aggregate number of only 10 data-points is enough for people inside those 10 data-points to band together and out the real information of the remaining people through collective action, as an example. There are thousands of similar contingencies planned for.
So if you publish this data redacted, it's still a violation of the privacy laws because you can figure out easily who is whom since there are only a few billionaires and there's enough information provided to narrow down people's identity by looking at public information.
As for Twitter or whatever, I believe the law technically was violated only by the person who handed the data to the journalists. After that the journalists can't be held accountable unless they aided in some way in obtaining or they directly requested the data from the individual or group or whomever it was that did this.
Honestly, though, this is why people in these positions are held to extremely high standards and it ends up being frustrating when others fall through like this. It's too easy to occur, and these roles are rarely compensated well or have any "backup" for technical tasks since it's all based on who organizations trust, so they can't hire anyone to help and we end up thinly spread.
Add a small dash of political or financial incentive and suddenly the data you have been working to design to protect from Russian hackers becomes technologically meaningless when someone just leaks it who has direct access. I'm surprised there aren't more of these happening given the dire straits many of us are in, out in the wild-west on our own with nobody to even talk to about it and nobody willing to work in government (or to not be assumed to be trustworthy enough to have access).
For instance, an aggregate number of only 10 data-points is enough for people inside those 10 data-points to band together and out the real information of the remaining people through collective action, as an example. There are thousands of similar contingencies planned for.
So if you publish this data redacted, it's still a violation of the privacy laws because you can figure out easily who is whom since there are only a few billionaires and there's enough information provided to narrow down people's identity by looking at public information.
As for Twitter or whatever, I believe the law technically was violated only by the person who handed the data to the journalists. After that the journalists can't be held accountable unless they aided in some way in obtaining or they directly requested the data from the individual or group or whomever it was that did this.
Honestly, though, this is why people in these positions are held to extremely high standards and it ends up being frustrating when others fall through like this. It's too easy to occur, and these roles are rarely compensated well or have any "backup" for technical tasks since it's all based on who organizations trust, so they can't hire anyone to help and we end up thinly spread.
Add a small dash of political or financial incentive and suddenly the data you have been working to design to protect from Russian hackers becomes technologically meaningless when someone just leaks it who has direct access. I'm surprised there aren't more of these happening given the dire straits many of us are in, out in the wild-west on our own with nobody to even talk to about it and nobody willing to work in government (or to not be assumed to be trustworthy enough to have access).