Drake Software blog for tax pros, covering tax, IRS news, and more

National Tax Security Awareness: Writing a Data Security Plan

The Security Summit has been highlighting ways that taxpayers can protect their personally identifiable information (PII) from identity thieves. They closed out National Tax Security Awareness Week by spotlighting written data security plans.

Most tax offices use some form of data security—whether installing security software or hiring an outside security specialist, which makes sense. Tax professionals handle extremely sensitive personal and financial information that is coveted by criminals peddling tax-related identity theft scams.

Do tax professionals need a written data security plan?

The Security Summit reminds tax professionals that the Federal Trade Commission Safeguards Rule requires that all financial institutions create a written data security plan.

Since paid tax return preparers are considered a financial institution for the purposes of the Safeguards Rule, they need to have a written security plan in place that the IRS says is “appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.”

While they acknowledge no two offices are the same, the FTC expects all tax professionals to include the following elements in their data security plan:

  • Designate one or more employees to coordinate its information security program;
  • Identify and assess the risks to customer information in each relevant area of the company's operation and evaluate the effectiveness of the current safeguards for controlling these risks.
  • Design and implement a safeguards program and regularly monitor and test it;
  • Select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
  • Evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business or operations, or the results of security testing and monitoring.

Whether writing a data security plan from scratch or updating an older plan, the IRS says that Publication 4557, Safeguarding Taxpayer Data is a good starting point. Here’s a sample data security plan from Drake Software:

What were the National Tax Security Awareness Week topics for 2019?

If you’re interested in reading the other National Tax Security Awareness Week information, just follow the below links:

Source: IR-2019-200

Ryan Norton

Whether designing superheroes, penciling caricatures, or just doodling, I always knew I was going to earn some sort of art degree while in college. That was my goal before I decided to trade Edgar Degas for Edgar Allan Poe during a Freshman English class. The BA in English soon morphed into a double-major in English and Philosophy, eventually becoming an MA in English. It only makes sense that I learned of a writing opportunity for a local marketing firm while teaching a first-year college English course. Before I knew it, I was writing and editing tax-related articles for Taxing Subjects, and this has been my home since 2014.

comments powered by Disqus