Posted by: Heather Shy on July 26, 2019 at 8:00 am
The IRS released a statement this week reminding “professional tax preparers” that they must have a written information security plan to protect their clients’ data. The Federal Trade Commission mandates this policy.
“Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.”
According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data. Failure to do so may result in an FTC investigation. The IRS also may treat non-compliance as a violation of Authorized IRS e-file Provider rules.
Per the statement, each security plan must include:
- at least one designated employee to coordinate its information security program;
- identification of known risks to customer information in the company’s operations and an evaluation of the effectiveness of current safeguards;
- a safeguards program including regular monitoring and testing;
- service providers that can maintain appropriate safeguards; and
- provisions to evaluate and adjust the program in case of changes in the firm’s business or operations.
However, the IRS notes that the rules are flexible to make allowances for company size, complexity, business focus, and sensitivity of client data.
How to Get Started Writing Your Data Security Plan
Before you can write your data security plan, you must know what data security you already have in place. After all, you wouldn’t tell a client their tax refund (or bill) amount until you knew what exemptions and deductions they qualified for.
In the same way, it’s impossible to write a data security plan until you know what you’re starting from.
For that reason, TAZ Networks recommends a comprehensive network security review before writing your data security plan. This review should include:
- The number and age of your computers;
- Which operating system versions your computers run on (Did you know Windows 7 could become a major security risk as of January 2020?);
- Which version of server operating software your business depends on;
- What protections you have in place already; and
- A list of recommended security measures to implement.
Short on time for this kind of project? Not sure where to begin? Fill in the form on the right and a representative from TAZ Networks will help you get started.