Previous month:
October 2017
Next month:
December 2017

November 2017

Does Your Firm Have a Data Security Plan and a Data Breach Plan?

We all know that tax preparer firms are under attack from felonious hackers. A security breach can destroy your professional reputation with affected clients and businesses, and possibly your livelihood. If you handle taxpayer information, you may be subject to the Gramm-Leach-Bliley Act and the Federal Trade Commission’s (FTC’s) Safeguards Rules, which require that you assess the risks to taxpayer information in your office and have a plan of appropriate protections of that information. Texas also mandates under penalty of law that businesses secure personal data and activate a plan if that data is compromised.

The crime wave will only get worse, so you need to be ready by ensuring the safety of confidential data. (Some of the following recommendations may overlap.)

Create a security plan:

  • Review IRS Publication 4557, Safeguarding Taxpayer Data, that provides seven checklists of security control measures that you can put in place, https://www.irs.gov/pub/irs-pdf/p4557.pdf.
  • Use top-notch software and network security or work with an IT professional who specializes in security (includes CISSP, CISA and CISM certifications).
  • Review your firm’s insurance policy for identity theft or cyber-breach protection coverage.
  • Pay special attention to any remote access programs that your firm uses.
  • Regularly track the number of returns filed under your EFIN and PTIN accounts, https://www.eitc.irs.gov/Tax-Preparer-Toolkit/Protect-Yourself.
  • Ensure that the firm has a current and good backup of all data.
  • Review the firm’s risk management procedures, http://www.aicpa.org/interestareas/informationtechnology/resources/privacy/pages/default.aspx.
  • Be aware that the human element, the unintentional internal breach, is equally as dangerous:
    • Create and use strong passwords.
    • Use only secure Wi-Fi.
    • Encrypt electronically stored taxpayer data and emails containing personal identifying information.
    • Be vigilant in implementing your firm’s data destruction policy.
    • Develop specific policies and procedures for handling proprietary or sensitive information.
    • Have a firm-wide computer policy to ensure that all employees are up-to-date on acceptable use of technology.
    • Conduct regular employee training on the firm’s data, security and computer policies, including awareness of phishing scams, password-stealing malware and other cybercrimes.
    • Audit your employees’ security access controls.
    • Have procedures in place for unauthorized or malicious use of proprietary data.

Create a breach action plan for data theft:

  • Perform a security scan of all firm laptops and your network if an unusual number of the firm’s clients are notified by the IRS of a suspicious tax return.
  • Have a procedure in place to quickly restore backup data if a breach occurs.
  • IRS asks that you contact your local IRS Stakeholder Liaison if you experience a data compromise, https://www.irs.gov/businesses/small-businesses-self-employed/stakeholder-liaison-local-contacts-1.
  • Texas State Board Rules of Professional Conduct, Rule 501.75—Confidential Client Information was updated in 2017 to require that “immediately upon becoming aware of the loss of, or loss of control over, the confidentiality of those records notify the client affected in writing of the date and time of the loss if known.”
  • If applicable, notify the Texas comptroller’s office and possibly the Texas attorney general’s office, https://www.texasattorneygeneral.gov/cpd/protecting-consumers-personal-data.
  • Review the FTC’s Business Center to assist businesses with data losses, https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business.
  • Notify your legal counsel.
  • Notify your insurance carrier.
  • Notify law enforcement and obtain a copy of the policy report, https://www.texasattorneygeneral.gov/identitytheft/report-id-theft-crime.
  • Review procedures for complying with Texas’ state law, “Notification Required Following Breach of Security of Computerized Data,” section 521.053 of the Texas Business and Commerce Code, http://codes.findlaw.com/tx/business-and-commerce-code/bus-com-sect-521-053.html.
  • Designate a point person in your firm for releasing information to clients, the media, etc.
  • Notify affected clients and businesses of the nature of the compromise, the type of information taken, the likelihood of misuse and the potential damage if the information is misused. (The FTC has a model letter at https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business.)
  • Notify the credit bureaus to put fraud alerts on your credit records.
  • Consider offering at least one year of credit monitoring and credit restoration, if applicable. (This may be available through your insurance carrier.)
  • Have a list of how your clients should proceed (can include this in the breach letter):

As a tax professional, you take your responsibility to your clients seriously – you should take their data seriously, as well.


TSCPA Member Participates in IRS News Conference on Identity Theft

Trenda Hackett, CPA-Dallas, represented Texas Society of CPAs and the tax professional community in a north Texas area press conference on Nov. 30, 2017, for National Tax Security Awareness Week. Hackett is a senior technical tax editor of the Tax and Accounting business of Thomson Reuters and a member of TSCPA’s Relations with IRS Committee. The IRS is collaborating with the tax industry, state tax agencies and community organizations across the nation to alert taxpayers and reinforce vigilance on how to avoid becoming victims of identity theft and other tax scams that tend to peak as the holiday approaches.


Reminder of Information Return Filing Deadlines on Jan. 31

 

The IRS issued a reminder in IR-2017-189 to employers and other businesses of the Jan. 31 filing deadline that now applies to filing wage statements and independent contractor forms with the government. This deadline was the same last year.

 

The Protecting Americans from Tax Hikes Act of 2015 includes a requirement for employers to file their copies of Form W-2 and W-3 with the Social Security Administration by Jan. 31. This deadline also applies to certain Forms 1099-MISC filed with the IRS to report non-employee compensation to independent contractors. Such payments are reported in box 7 of this form. There are other cases that require Forms 1099-MISC to be filed so taxpayers should consult the instructions to ensure that they complete all required filings. Failure to timely file these forms can lead to penalties assessed by the IRS.

 

An extension of time to file W-2s is no longer automatic and is only granted for specific reasons. These reasons are listed on Form 8809 and include the following: affected business in a Presidentially Declared Disaster Area; other catastrophic event affected the business; unavoidable absence of responsible individual; and new business in its first year. Based on these descriptions, it appears that businesses in Texas affected by Hurricane Harvey would be eligible for an extension of this deadline for W-2s.

https://www.irs.gov/government-entities/federal-state-local-governments/increase-in-information-return-penalties-2


Amendments to Chapter 12 Make it Easier for a Family Farmer to Reorganize

On Oct. 26, President Trump signed into law the bipartisan Family Farmer Bankruptcy Clarification Act of 2017. It was part of a larger bill, H.R. 2266, Additional Supplemental Appropriations for Disaster Relief Requirements Act of 2017. This act reverses the Supreme Court decision in Hall v. United States, 132 S. Ct. 1882 (2012), that declared tax attributable to the sale of farm property after a bankruptcy petition was filed was not part of the bankruptcy petition and accordingly had priority over the other debts that were included in the petition. That meant the capital gains tax on the sale of farm land, which would often be significant, would reduce the funds available to other creditors. The act now clarifies that a bankrupt family farmer who sells farm assets to generate funds to pay creditors can treat the tax attributable to that sale as a general unsecured claim in the bankruptcy proceedings. It is intended to assist struggling farmers with debts under $4,153,150 (indexed for inflation) by providing them with more options for reorganization through Chapter 12 bankruptcy.

https://www.calt.iastate.edu/blogpost/president-trump-signs-family-farmer-bankruptcy-clarification-act-law


Imminent E-File Deadline Approaching on Nov. 18

The IRS announced on Oct. 31, 2017, that it will stop accepting e-filed returns for 2016 after Nov. 18, 2017. After that date, any disaster victims who are eligible to file through Jan. 31, 2018, will be required to submit their returns via paper instead of e-filing. This will likely result in delays in processing and remitting refunds for the disaster victims. The disaster victims are those affected by hurricanes, tropical storms or wildfires in portions of the following states: California, Florida, Georgia, Louisiana, South Carolina and Texas. Portions of Puerto Rico and the Virgin Islands also qualify for the extended deadline. The IRS is shutting down the e-file system to prepare for accepting 2017 tax returns.

https://www.irs.gov/newsroom/for-tax-year-2016-e-file-closes-on-nov-18-after-that-disaster-victims-others-need-to-file-on-paper