Backing Up Client Data
Backing Up Client Data
There was a time when backing up data for a tax or accounting firm fell under the heading of “best practices” – a professional thing to do to help the firm and its clients.
Today, a backup and recovery system for client data is mandated by law.
As you weave your way through the final days of tax season, it’s important to know that backing up your data is covered under at least two federal regulations.
The Federal Trade Commission requires that the firm handle taxpayer information under provisions of the Gramm-Leach Bliley Act (GLB Act) and the Federal Trade Commission (FTC) Financial Privacy and Safeguards Rules. Financial institutions as defined by FTC include professional tax preparers, data processors, their affiliates, and service providers who are significantly engaged in providing financial products or services. They must take the following steps to protect taxpayer information:
- Take responsibility or assign an individual or individuals to be responsible for safeguards;
- Assess the risks to taxpayer information in your office, including your operations, physical environment, computer systems, and employees, if applicable. Make a list of all the locations you keep taxpayer information (computers, filing cabinets, bags, and boxes taxpayers may bring you);
- Write a plan of how you will safeguard taxpayer information. Put appropriate safeguards in place;
- Use only service providers who have policies in place to also maintain an adequate level of information protection defined by the Safeguards Rule; and
- Monitor, evaluate, and adjust your security program as your business or circumstances change.
The FTC also mandates security controls that for the first time specifically requires backups of client data:
- Locking doors to restrict access to paper or electronic files;
- Requiring passwords to restrict access to computer files;
- Encrypting electronically stored taxpayer data;
- Keeping a backup of electronic data for recovery purposes; and
- Shredding paper containing taxpayer information before throwing it in the trash.
What are the basics of backup? We recommend four steps:
- Backup daily – automate it if you can (run it at night), because when you get busy, the backup will be one of the most likely tasks you decide to skip if it is manual (You can set up automatic backups in Drake Tax Software).
- Make three copies – the original data, a copy that is easily accessible, and one that is protected (an offsite copy). As thousands of businesses learned during the hurricane, tornado and fire seasons of the past few years, it is critical that you always have a backup out of the office – hopefully in a fully-redundant, backup facility meant for this purpose.
- Check the integrity of your backups every couple weeks during tax season, restoring one or more files to make sure the process works. Especially if you have it automated, check occasionally to make sure nothing has changed or interfered with the process.
- Do the things that help protect you from needing a backup (up-to-date antivirus, firewall, etc…). Be mindful of aging computers that are starting to show signs of wear and tear and may fail – taking the backup with them.
Check out our 1-hour webinar on Safeguarding Taxpayer Data. In addition, more information can be found in the IRS Publication “Safeguarding Taxpayer Data” at http://www.irs.gov/pub/irs-pdf/p4557.pdf.