Offering your accounting clients the security of knowing their personal and financial data is safe with you is a great and necessary thing. But what you may not realize is that it is also the law. The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley (GLB) Act, gives the Federal Trade Commission authority to set information safeguard regulations for various entities, including professional tax return preparers.
According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data. Failure to do so may result in an FTC investigation. The IRS also may treat a violation of the FTC Safeguards Rule as a violation of the IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.
The FTC-required information security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. According to the FTC, each company, as part of its plan, must:
- designate one or more employees to coordinate its information security program;
- identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
- design and implement a safeguards program and regularly monitor and test it;
- select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards, and oversee their handling of customer information; and
- evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
The FTC says the requirements are designed to be flexible so that companies can implement safeguards appropriate to their own circumstances. The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operations.
To help your accounting firm make sure it is following the law on the security of your clients' data, CPA Practice Advisor has this free ebook that goes into detail about how firms can not only stay in compliance with IRS regulations but also take specific steps to ensure the security and privacy of client data.
We want the readers of The Rules of Thumb blog to also know that MoneyThumb takes the security of your data very seriously. You can read our Security Policy here. Below is just one of our security measures from that policy:
MoneyThumb uses SSL (Secure Sockets Layer) technology which is the industry standard and among the best software available today for secure commerce transactions. It encrypts all of your personal information including credit card number, name, and address, to prevent it from being read as it travels over the Internet. When you place orders or access account information, we automatically send you to our secure credit, providing your browser accepts SSL encryption.
Hopefully, this blog post will help your accounting firm make sure you are complying with security laws when it comes to clients' data. We would appreciate it if you could share this post on your social media page so that your accounting peers can also benefit from the information.
As an added bonus, we'd like to share this survey for tax professionals offered by Right Networks. Take the survey to be entered to win one of three Visa gift cards. Two respondents will win $250 and one respondent will win $500. Be sure to include your contact information (full name and email) at the end of this survey to enter the drawing. Winners will be randomly selected in November.