Developing a data security plan can be intimidating, whether you’re new to data security or simply worry about developing a plan for the whole firm. After all, it’s one thing to download security software for your personal computer and another to try to secure your office network. Unfortunately, there’s another wrinkle for tax professionals: By law, you are required to develop a written security plan.
According to the FTC website, the Safeguards Rule requires “financial institutions … protect the consumer information they collect.” Under the “Who Must Comply?” section, the agency explicitly notes that this rule “includes many businesses that may not normally describe themselves that way.” Guess who Safeguards applies to? That’s right, “professional tax preparers.”
When it comes to tax-related identity theft, criminals use that information to defraud the US Treasury—to the tune of millions of dollars. That prompted the creation of the Security Summit, a partnership between private and government members of the tax industry. Luckily for everyone trying to create an office security plan, one of the Summit’s outreach campaigns—“Taxes-Security-Together”—produced a data security checklist.
What’s in the “Taxes-Security-Together” data-security checklist?
The IRS press release including the “Taxes-Security-Together” checklist emphasized how important it is for paid tax return preparers to have a data plan in place. The sheer number and evolving nature of phishing scams point to how valuable that data is, and it’s a reminder of why everyone should do all they can to protect it.
Without further ado, here’s full checklist provided by the IRS:
Deploy the “Security Six” measures:
Create a data security plan:
Educate yourself and be alert to key email scams, a frequent risk area involving:
Recognize the signs of client data theft:
Create a data theft recovery plan including:
For those who want to take a more comprehensive approach to developing their data-security plan, the IRS release also included links to the “Protect Your Clients, Protect Yourself: Tax Security 101” campaign; Publication 4557, Safeguarding Taxpayer Data; Publication 5293, Data Security Resource Guide for Tax Professionals; and the National Institute of Standards and Technology’s “Small Business Information Security: the Fundamentals.”
Sources: Financial Institutions and Customer Information: Complying with the Safeguards Rule; IR-2019-122