1099-Ks Will Reappear in This Filing Season
Safeguard Your Records in Case of a Disaster

An Evergreen Reminder of Requirements Regarding Securing Client Data

William Stromsem, CPA, J.D., George Washington University School of Business

 

Cyberthieves are trying to get your information year-round. Now that October 15 is behind us and year-end tax planning is not here yet, this might be a good time to review requirements for securing client information. If you have a data breach, this can ruin client relationships and even end your practice.

 

The IRS requires a Written Information Security Plan (WISP) to protect your firm and clients from cyberattacks. Ensure that your plan is valid, up to date and in compliance with the IRS requirements. IRS Publication 5708 is a brief document that details what is required and how to customize your plan for your practice. AICPA Tax Section members can download a copy of AICPA's WISP template.

 

Also, the Federal Trade Commission requires practices to use multifactor authentication in accessing client information that is stored on computers or on networks (including cloud storage). This would include return preparation records when vendor software is used. Multifactor identification involves using two or more items that only the user would know, like username and password, or if available, facial recognition, fingerprints or other means of verifying that the person accessing the information is authorized to do so. 

 

Hopefully, your firm has this fully implemented.

 

Publication 5708 (Rev. 8-2024) (irs.gov) Creating a WISP for your tax and accounting practice

How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act | Federal Trade Commission (ftc.gov)

FTC Safeguards Rule: What Your Business Needs to Know | Federal Trade Commission

Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule | Resources | AICPA & CIMA (aicpa-cima.com)

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)