Information For...

For you and your family
Standard mileage and other information

Forms and Instructions

Individual Tax Return
Instructions for Form 1040
Request for Taxpayer Identification Number (TIN) and Certification
Request for Transcript of Tax Return


Employee's Withholding Allowance Certificate
Employer's Quarterly Federal Tax Return
Employers engaged in a trade or business who pay compensation
Installment Agreement Request

Popular For Tax Pros

Amend/Fix Return
Apply for Power of Attorney
Apply for an ITIN
Rules Governing Practice before IRS

Tips for tax preparers on how to create a data security plan

IRS Tax Tip 2018-151, September 27, 2018

The IRS reminds tax preparers that protecting taxpayer information isn’t just good for their clients and good for business – it’s also the law. The Federal Trade Commission’s Safeguards Rule requires that tax preparers create and enact security plans.

Although the IRS and its partners in the Security Summit are making progress against tax-related identity theft, cybercriminals continue to evolve. In fact, data thefts at tax professionals’ offices are on the rise. Thieves use stolen data from tax preparers to create fraudulent returns that are harder to detect.

Creating a security plan can help businesses – such as tax preparers – protect their offices against tax-related identity theft. Preparers should also remember that failing to create a plan may result in an FTC investigation. Here are some things tax preparers should know about putting together such a plan:

  • The FTC-required information security plan must be appropriate to the company’s size and complexity. A business should also consider the sensitivity of the customer information it handles.
  • A business should designate one or more employees to coordinate its information security program.
  • A preparer should identify and assess the risks to customer information.
  • They should also review and evaluate the effectiveness of the current safeguards for controlling any risks to data.
  • After designing and implementing a safeguards program, the business should regularly monitor and test it.
  • A business should select service providers that can maintain appropriate safeguards.
  • When signing a contract with a service provider, the business should make sure the contract requires the provider to maintain safeguards and oversee their handling of customer information.
  • A business should regularly evaluate and adjust the program as time goes on. This includes things like changes in the firm’s business or operations, and the results of security testing.
  • The FTC says the requirements are designed to be flexible so that companies can implement safeguards appropriate to their own circumstances.
  • Publication 4557,  Safeguarding Taxpayer Data, has information about critical security measures that all tax professionals should put in place.
  • Publication 4557 also includes a checklist of items to include in a data security plan.
  • The IRS may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40. node/48886 This sets the rules for tax professionals participating as an Authorized IRS e-file Provider.

The IRS and its partners in the Security Summit are reminding preparers about creating a security plan as part of the Tax Security 101 awareness initiative. The goal is to provide tax professionals with the basic information they need to better protect taxpayer data and to help prevent the filing of fraudulent tax returns.

More Information:

Subscribe to IRS Tax Tips