Here’s what tax preparers need to know about a data security plan

Notice: Historical Content


This is an archival or historical document and may not reflect current law, policies or procedures.

Tax Tip 2019-174, December 11, 2019

With the tax filing season just weeks away, tax professionals who have a data security plan should review it for updates. Those who don't have a plan should create one and use the information below to get started. Having a written data security plan isn't just a good idea, it's federal law.

Identity thieves target tax professionals because of the client data they have on hand. Thieves use stolen data from tax preparers to create fake returns that can be harder for the IRS to detect.

Getting started on a plan

To get started on a data security plan, tax pros should review Publication 4557, Safeguarding Taxpayer DataPDF. This publication helps preparers to:

  • Understand critical security measures that all tax professionals should put in place, including a checklist of items for a data security plan.
  • Follow the Federal Trade Commission's Safeguards Rule.
  • Focus on key areas such as employee management and training, information systems, and finding and managing system failures.

Plan Requirements

These items are required when writing and following a data security plan:

  • Pick one or more employees to coordinate the information security program.
  • Identify the risks to customer information.
  • Evaluate the safety measures for controlling these risks.
  • Design and implement a safeguards program.
  • Select service providers that can maintain proper safety measures.
  • Make sure the contract requires the provider to maintain safety measures and oversees their handling of customer information.
  • Regularly monitor and test the program.
  • Change the security program as needed. This should happen if any part is outdated, or when employees leave or join the company.

More information:

Subscribe to IRS Tax Tips