How to Plan for Data Security
All professional tax preparers should review their data security protections by developing a written plan describing the company’s policies to protect sensitive client and business information. The Gramm-Leach-Bliley Act of 1999, P.L. 106-102, gives the Federal Trade Commission the authority to ensure that businesses, including professional tax preparers, implement “safeguard rules.”
In the plan, tax preparation firms must:
- Designate one or more employees to systemize a security program,
- Identify and assess risks to client information and evaluate how effectively those risks are controlled,
- Regularly monitor and test the program to ensure confidentiality,
- Ensure third-party service providers uphold safeguard rules, and
- Update the plan to reflect changes to the business’s organizational structure and operations.
IRS Publication 4557, Safeguarding Taxpayer Data, also guides tax practitioners in recognizing future signs of client data theft and phishing scams, and in writing a protective data theft recovery plan.
Other resources to look into include IRS Publication 3112, IRS e-file Application and Participation; Sec. 7216, which imposes criminal penalties on anyone who recklessly reveals information; Sec. 6713, which imposes monetary penalties for disclosing tax information; Rev. Proc. 2007-40; IRS Publication 5293, Data Security Resource Guide for Tax Professionals; and AICPA resources on cyber liability and managing exposures.