Tax Practitioners Must Draft Written Data Protection Plans
The IRS, state tax agencies and the nation’s tax industry today reminded tax professionals that federal law requires them to create and use a written information security plan to protect their clients’ data.
The reminder came as the IRS and its Security Summit partners completed the fourth annual National Tax Security Awareness Week. The special week’s purpose is to encourage individuals, businesses and tax professionals to take steps to protect sensitive financial and tax data that can be used by identity thieves.
To get started on an information security plan, tax professionals can review IRS Publication 4557, Safeguarding Taxpayer Data (PDF). It details critical security measures that all tax professionals should take. The publication also includes information on how to comply with the Federal Trade Commission (FTC) Safeguard Rule.
Regardless of size, each tax firm, as part of its plan, must:
• designate one or more employees to coordinate its information security program;
• identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
• design and implement a safeguards program and regularly monitor and test it;
• select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
• evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
Earlier this year, the Security Summit partners offered tax professionals a Taxes-Security-Together Checklist to consider. The Summit partners renewed their call for tax professionals to stop and review the safeguards prior to the start of the 2020 filing season and to take appropriate steps to protect their clients – and themselves.