Are You Doing Enough to Protect Your Clients and Yourself from Data Theft?

Posted on August 12, 2016 · Posted in Industry News, Latest Updates

8/5/16 – The “Protect Your Clients; Protect Yourself” campaign, a joint effort between the IRS, state tax agencies, and the private-sector tax industry, is intended to inform tax professionals about their responsibilities and common sense steps they can take to protect their clients from identity theft and to protect their businesses.

Why should tax preparers take these extra steps? Tax preparers play a critical role in protecting taxpayer data. And as we all know, data breaches are increasing in number and scope, which also increases the potential for stolen identity information to be used to file tax returns.

As a tax preparer, your business involves maintaining, sharing, transmitting, or storing taxpayer data, and it is your legal responsibility to have safeguards in place to protect client information. Taxpayer data is defined as any information obtained or used in the preparation of a tax return.

Data security includes all aspects of your business including administrative practices, facility protection, computer security, personnel and information systems. Protect yourself and your clients by taking these critical steps:

  • Assure that taxpayer data, including data left on hardware and media, is never left unsecured.
  • Securely dispose of taxpayer information.
  • Require strong passwords (numbers, symbols, upper and lowercase) on all computers and tax software programs.
  • Require periodic password changes every 60 to 90 days.
  • Store taxpayer data in secure systems and encrypt information when transmitting across networks.
  • Ensure that email being sent or received, that contains taxpayer data, is encrypted and secure.
  • Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only.
  • Use caution when allowing or granting remote access to internal networks containing sensitive data.
  • Terminate access to taxpayer information for anyone who is no longer employed by your business.
  • Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data.
  • Provide periodic training to update staff members on any changes and ensure compliance.
  • Protect your facilities from unauthorized access and potential dangers.
  • Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft.
  • Complete a risk assessment to identify risk and potential impacts of unauthorized access.
  • Write and follow an Information Security plan.
  • Consider performing background checks and screening individuals before granting access to taxpayer information.

Putting these taxpayer data safeguards in place will enhance your clients’ customer confidence and trust in your business. For more tips and links to additional information, read IRS  Publication 4557, Safeguarding Taxpayer Data.

Register now to watch the free IRS webinar, Protect your Clients; Protect Yourself from Data Theft, on August 17 at 10:00 a.m. PT, and earn one hour of CE. Topics include:

  • Security Summit initiatives for FY 2017, including enhancing tax professional awareness of client data safeguards.
  • Legal requirements and best practices to better protect taxpayer information.
  • Emerging scams from an IRS Criminal Investigation expert.
  • Outline steps tax professionals should take if they suffer a loss of taxpayer data.

Plus opening remarks from IRS Commissioner John Koskinen and a live Q&A with IRS subject matter experts.