Eat Better, Work Better, and Protect Data Better: New Year Resolutions for the Tax Professional and Useful Tips
To read this Alert as a PDF, click here.
January brings a fresh start for many businesses as they gear up for the New Year. It is when tax professionals meet with clients and request financial records to prepare tax returns for the prior calendar year. It is also a busy time for accountants, HR staff, and payroll departments responsible for preparing W-2s for employees and 1099s for independent contractors.
When you stop to think about the type of information contained in a tax return, W-2 or 1099, or included in your financial records, it is obvious that these documents are comprised of mainly personally identifiable information (“PII”) and other very sensitive data. If this type of information falls into the wrong hands, the results could be detrimental to your employees’ or clients’ privacy and financial security (not to mention potentially exposing you to significant liability). Consequently, it is imperative for all tax professionals to implement good privacy practices and security controls to protect PII and financial information from unauthorized access or use.
Data security is a necessity regardless of the size of your client base or business. More than that, protecting taxpayer data is the law. The Federal Trade Commission (“FTC”) has authority to set data safeguard regulations for various entities, including professional tax return preparers. The failure to comply with FTC regulations could result in an FTC investigation, unwanted audits, and fines, as well as a damaging smear on your business’s reputation.
According to the FTC Safeguards Rule, tax return preparers must create and enact written information security plans (“WISPs”) to protect their clients’ data. In doing so, tax professionals and other financial advisors should assess and mitigate risks to taxpayer data in all areas of operation, including (i) employee management and training; (ii) information systems; and (iii) detecting and managing system failures within your network. Additionally, the Internal Revenue Service (“IRS”) has issued guidance to tax professionals on protecting their client’s data by implementing strong security protocols. https://www.irs.gov/tax-professionals/tax-security-2-point-0-the-taxes-security-together-checklist.
Every employee, both professional and administrative staff, should be educated about security threats and safeguards when it comes to employee or client data. Businesses should also implement good privacy practices in daily operations. To help you, click here for helpful tips on ways to implement good privacy practices. We hope they are useful to you.