The Security Summit has been highlighting ways that taxpayers can protect their personally identifiable information (PII) from identity thieves. They closed out National Tax Security Awareness Week by spotlighting written data security plans.
Most tax offices use some form of data security—whether installing security software or hiring an outside security specialist, which makes sense. Tax professionals handle extremely sensitive personal and financial information that is coveted by criminals peddling tax-related identity theft scams.
Do tax professionals need a written data security plan?
The Security Summit reminds tax professionals that the Federal Trade Commission Safeguards Rule requires that all financial institutions create a written data security plan.
Since paid tax return preparers are considered a financial institution for the purposes of the Safeguards Rule, they need to have a written security plan in place that the IRS says is “appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.”
While they acknowledge no two offices are the same, the FTC expects all tax professionals to include the following elements in their data security plan:
- Designate one or more employees to coordinate its information security program;
- Identify and assess the risks to customer information in each relevant area of the company's operation and evaluate the effectiveness of the current safeguards for controlling these risks.
- Design and implement a safeguards program and regularly monitor and test it;
- Select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
- Evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business or operations, or the results of security testing and monitoring.
Whether writing a data security plan from scratch or updating an older plan, the IRS says that Publication 4557, Safeguarding Taxpayer Data is a good starting point. Here’s a sample data security plan from Drake Software:
What were the National Tax Security Awareness Week topics for 2019?
If you’re interested in reading the other National Tax Security Awareness Week information, just follow the below links:
- National Tax Security Awareness Week: Online Shopping and PII
- National Tax Security Awareness Week: Spotting Phishing Scams
- National Tax Security Awareness Week: Making Secure Passwords
- National Tax Security Awareness Week: Spotting Business Identity Theft