Securing your Client Data
Of all of the subjects that got the attention of the industry – the Affordable Care Act, identity theft, and licensing of tax preparers among them – one did not get much attention, but should have.
It’s the requirement to properly secure all of the communications between you and the client.
Tax preparers who fail to heed the rules could find themselves paying penalties of $100,000 per incident for the firm, and $10,000 per incident for the individual.
Fortunately, there are solutions that are simple, cost-effective, and compliant with the law.
According to the IRS, in its publication “Safeguarding Taxpayer Data,” safeguarding this data is a top priority, and is reflected in Circular 230. Unenrolled tax preparers not covered by Circular 230 are nonetheless bound by a number of other federal regulations that include:
- The Gramm-Leach-Bliley Financial Modernization Act of 1999, otherwise known as the Gramm-Leach-Bliley Act (GLBA), directed the FTC to establish the Financial Privacy Rule and the Safeguards Rule. It also extends the definition of financial institutions to include financial planners and tax preparers. More information is available at http://www.ftc.gov/privacy/privacyinitiatives/glbact.html.
- The FTC Standards for Safeguarding Customer Information Rule (16 CFR Part 314) – This Rule (otherwise known as the Safeguards Rule) requires financial institutions, as defined, which includes professional tax preparers, data processors, affiliates, and service providers to ensure the security and confidentiality of customer records and information. It protects against any anticipated threats or hazards to the security or integrity of such records. In addition, it protects against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer. The Safeguards Rule is available at http://www.ftc.gov/privacy/privacyinitiatives/glbact.html .
- The Financial Privacy Rule aims to protect the privacy of the consumer by requiring financial institutions to give their customers privacy notices that explain the financial institution’s information collection and sharing practices. In turn, customers have the right to limit some sharing of their information. Also, financial institutions and other companies that receive personal financial information from a financial institution may be limited in their ability to use that information. The FTC Privacy Rule implements sections 501 and 502(b)(2) of the GLBAt requirements. The Privacy Rule is available at http://www.ftc.gov/privacy/ privacy initiatives/financial_rule.html.
- Title 26: Internal Revenue Code (IRC) § 301.7216.1 Imposes criminal penalties on any person engaged in the business of preparing or providing services in connection with the preparation of tax returns who knowingly or recklessly makes unauthorized disclosures or uses of information furnished to them in connection with the preparation of an income tax return. Internal Revenue Code (IRC) § 7216 is available at http://www.gpoaccess.gov .
- Title 26: Internal Revenue Code (IRC) § 6713 imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns. Internal Revenue Code (IRC) § 6713 is available at http://www.gpoaccess.gov.
- Internal Revenue Procedure 2005-60 requires authorized IRS e-file providers to have security systems in place to prevent unauthorized access to taxpayer accounts and personal information by third parties. It also specifies that violations of the GLBA and the implementing rules and regulations promulgated by the FTC, as well as violations of the non-disclosure rules contained the Internal Revenue Code (IRC) § sections 6713 and 7216 are considered violations of Revenue Procedure 2005-60, and are subject to sanctions specified in the Revenue Procedure. Internal Revenue Procedure 2005-60 is available at www.irs.gov.
- Additional state and local laws
Meeting the Requirements
The IRS, in its “Safeguarding Taxpayer Data” publication, provides an extensive checklist for use by tax providers in meeting the requirements of various laws. The checklists are helpful in addressing client data security overall and are highly recommended.
But tax preparers need specific recommendations for systems that can easily and economically keep their practice in compliance. And that is where SecureFilePro from Drake Software is a critical technology for accounting and other financial services firms.
In use by hundreds of Drake Software customers, SecureFilePro offers a more secure way to send files to clients (tax return and other documents)and receive files from clients (W2, Organizer, etc.). Branded with the firm’s name and logo, it also provides secure storage of documents, so that either party may access the information afterward from anywhere in the world, at any time it is needed.
SecureFilePro offers tax and accounting professionals six major benefits:
- It’s secure. The portal site and its client files are protected by tough, industry-standard 256-bit SSL encryption. The files are stored on Drake’s secure servers, with redundant power and protection systems to guard against physical disasters and security breaches.
- It provides paperless document exchange so that professionals spend less time printing, faxing,
- or mailing documents to clients each time they need a copy.
- It’s personal. The client sees the information relevant to his or her firm, with access restricted to those members of the client company that the client designates.
- It’s a Web-based application in the Cloud. SecureFilePro works with virtually any computer, tablet, and virtually any web browser.
- It’s updated regularly to keep current with the needs of professionals. Recent enhancements include the ability to:
- Set file expiration dates
- Customize default expiration dates
- Customize e-mail sent to customers (including the logo, text, and footers)
- Move and copy files within the client’s portal or between Public and Private folders.
- It is fully integrated with Drake’s award-winning tax preparation and document management solutions for exceptional ease of use.
Try the free trial of SecureFilePro to evaluate it. It is available, with capacity for 250 MB of data (about 500 documents), offering customer branding, unlimited clients, and unlimited accounts. Three tiers of continuing service are offered:
1. Basic - 250 MB service for $9.95 per month or $99.95 per year
2. Standard -1 GB service (roughly 2,000 documents) for $19.95 per month or $199.95 per year
3. Deluxe - 5 GB service (roughly 10,000 documents) for $29.95 per month or $299.95 per year
Firms requiring more storage space above the Deluxe level may purchase it for $10 per month for an additional 5 GB.
Sources: Internal Revenue Service, Drake Software