Eat Better, Work Better, and Protect Data Better: New Year Resolutions for the Tax Professional and Useful Tips

To read this Alert as a PDF, click here.

January brings a fresh start for many businesses as they gear up for the New Year. It is when tax professionals meet with clients and request financial records to prepare tax returns for the prior calendar year. It is also a busy time for accountants, HR staff, and payroll departments responsible for preparing W-2s for employees and 1099s for independent contractors.
 
When you stop to think about the type of information contained in a tax return, W-2 or 1099, or included in your financial records, it is obvious that these documents are comprised of mainly personally identifiable information (“PII”) and other very sensitive data. If this type of information falls into the wrong hands, the results could be detrimental to your employees’ or clients’ privacy and financial security (not to mention potentially exposing you to significant liability). Consequently, it is imperative for all tax professionals to implement good privacy practices and security controls to protect PII and financial information from unauthorized access or use.
  
Data security is a necessity regardless of the size of your client base or business. More than that, protecting taxpayer data is the law. The Federal Trade Commission (“FTC”) has authority to set data safeguard regulations for various entities, including professional tax return preparers. The failure to comply with FTC regulations could result in an FTC investigation, unwanted audits, and fines, as well as a damaging smear on your business’s reputation.
 
According to the FTC Safeguards Rule, tax return preparers must create and enact written information security plans (“WISPs”) to protect their clients’ data. In doing so, tax professionals and other financial advisors should assess and mitigate risks to taxpayer data in all areas of operation, including (i) employee management and training; (ii) information systems; and (iii) detecting and managing system failures within your network. Additionally, the Internal Revenue Service (“IRS”) has issued guidance to tax professionals on protecting their client’s data by implementing strong security protocols. https://www.irs.gov/tax-professionals/tax-security-2-point-0-the-taxes-security-together-checklist.
 
Every employee, both professional and administrative staff, should be educated about security threats and safeguards when it comes to employee or client data. Businesses should also implement good privacy practices in daily operations. To help you, click here for helpful tips on ways to implement good privacy practices. We hope they are useful to you.
 
For more information about compliance with the FTC Safeguards Rule or IRS’s requirements on tax professionals, or for assistance with preparing a written information security plan or other privacy policy or plan, please contact Krystle Dalke, CIPM and CIPP-US, at (316) 631-3181 or via email at kdalke@hinklaw.com. We can also help you perform risk assessments, train employees, and mitigate risks of unauthorized access to sensitive data or confidential information within your business operations. The sooner you start engaging in good privacy practices, the more trustworthy and prepared your business will be.