IRS Tax Tip 2019-119, August 29, 2019
Tax pros must create a written security plan to protect their clients’ data. In fact, the law requires them to make this plan.
Creating a data security plan is one part of the new Taxes-Security-Together Checklist. The IRS and its Security Summit partners created this checklist. It helps tax professionals protect sensitive data in their offices and on their computers.
Many tax preparers may not realize they are required under federal law to have a data security plan. Each plan should be tailored for each specific office. When creating it, the tax professional should take several factors into consideration. This includes things like the company’s size, the nature of its activities, and the sensitivity of its customer information.
Creating a plan
Tax professionals should make sure to do these things when writing and following their data security plans:
- Include the name of all information security program managers.
- Identify all risks to customer information.
- Evaluate risks and current safety measures.
- Design a program to protect data.
- Put the data protection program in place.
- Regularly monitor and test the program.
Selecting a service provider
Companies should have a written contract with their service provider. The provider must:
- Maintain appropriate safety measures.
- Oversee the handling of customer information review.
- Revise the security program as needed.
- Publication 4557, Safeguarding Taxpayer Data (PDF)
- Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology (PDF)
- Publication 5293, Data Security Resource Guide for Tax Professionals (PDF)