The IRS has issued a reminder to all practitioners that all "Professional Tax Preparers" must create a written data security plan to protect clients.
The IRS and Security Summit partners are reminding tax preparers to take time this Summer to make sure the plan is in place. It's required by Federal Law!
“Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business."
The FTC-required information security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities and the sensitivity of the customer information it handles. This is very similar to the Massachusetts Data Protection Law requirements that went into effect in 2010.
According to the FTC, each company, as part of its plan, must:
- designate one or more employees to coordinate its information security program;
- identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
- design and implement a safeguards program and regularly monitor and test it;
- select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
- evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
Its important to note that the plan is to be designed around the company’s size and complexity. The security coverage doesn't need to be expensive, but it needs to be comprehensive. There are so many affordable options available to smaller organizations, so don't put this off and risk your clients and your reputation.
Summer is a great time to step up security! Ekaru has a lot of training materials and affordable security options for small businesses, so if you have any questions about your existing security and risk level, give us a call!
For more information, you can access the full IRS post here.