
Laws and Regulations

Many federal, state, city and local government laws and regulations are in place to safeguard taxpayer data. The following table includes a brief description of some of them and provides references to more detailed information.

SAFEGUARDING TAXPAYER DATA
References to Applicable Laws and Regulations

Type: Federal/Privacy and Security
Summary:
The Gramm-Leach-Bliley Financial Modernization Act of 1999 - This statute (otherwise known as the Gramm-Leach-Bliley Act) (GLB Act), among other things, directed FTC to establish the Financial Privacy Rule and the Safeguards Rule.

Type: Federal/Security
Summary:
FTC Standards for Safeguarding Customer Information Rule (16 CFR Part 314) - This Rule (otherwise known as the Safeguards Rule) requires financial institutions, as defined, which includes professional tax preparers, data processors, affiliates and service providers to ensure the security and confidentiality of customer records and information. It protects against any anticipated threats or hazards to the security or integrity of such records. In addition, it protects against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer. This Rule requires that financial institutions develop, implement and maintain an Information Security Program. The plan should be written in one or more accessible parts and contain administrative, technical and physical safeguards that are appropriate to the business’ size and complexity, nature and scope of activities and sensitivity of customer information handled.
Sarbanes-Oxley Act of 2002 (17 CFR Parts 232, 240 and 249) - Section 404 requirements apply to all Securities and Exchange Commission (SEC) reporting companies with a market capitalization in excess of $75 million. It requires companies to establish an infrastructure to protect and preserve records and data from destruction, loss, unauthorized alteration or other misuse. This infrastructure must ensure there is no room for unauthorized alteration of records vital to maintaining the integrity of the business processes. 

Type: Federal/Privacy
Summary:
FTC Privacy of Consumer Financial Information Rule (16 CFR Part 313) - This Rule (otherwise known as the Financial Privacy Rule) aims to protect the privacy of the consumer by requiring financial institutions, as defined, which includes professional tax preparers, data processors, affiliates and service providers to give their customers privacy notices that explain the financial institution’s information collection and sharing practices. In turn, customers have the right to limit some sharing of their information. Also, financial institutions and other companies that receive personal financial information from a financial institution may be limited in their ability to use that information. The FTC Privacy Rule implements sections 501 and 502(b)(2) of the GLB Act requirements.
Title 26: Code of Federal Regulations (CFR) § 301.7216.1 - This provision imposes criminal penalties on any person engaged in the business of preparing or providing services in connection with the preparation of tax returns who knowingly or recklessly makes unauthorized disclosures or uses of information furnished to them in connection with the preparation of an income tax return.
Title 26: Internal Revenue Code (IRC) § 6713 - This provision imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns.
Internal Revenue Procedure 2007-40 - This procedure requires Authorized IRS e-file Providers to have security systems in place to prevent unauthorized access to taxpayer accounts and personal information by third parties. It also specifies that violations of the GLB Act and the implementing rules and regulations promulgated by the FTC, as well as violations of the non-disclosure rules contained in IRC sections 6713 and 7216 or the regulations promulgated thereunder, are considered violations of Revenue Procedure 2007-40 and are subject to sanctions specified in the Revenue Procedure.

Type: State/Privacy and Security
Summary:
State Laws - Many state laws govern or relate to the privacy and security of financial data, which includes taxpayer data. They extend rights and remedies to consumers by requiring individuals and businesses that offer financial services to safeguard nonpublic personal information. For more information on state laws that your business must follow, consult state laws and regulations.


Page Last Reviewed or Updated: 22-Sep-2016