Tax Tip 2019-174, December 11, 2019
With the tax filing season just weeks away, tax professionals who have a data security plan should review it for updates. Those who don't have a plan should create one and use the information below to get started. Having a written data security plan isn't just a good idea, it's federal law.
Identity thieves target tax professionals because of the client data they have on hand. Thieves use stolen data from tax preparers to create fake returns that can be harder for the IRS to detect.
Getting started on a plan
To get started on a data security plan, tax pros should review Publication 4557, Safeguarding Taxpayer Data (PDF). This publication helps preparers to:
- Understand critical security measures that all tax professionals should put in place, including a checklist of items for a data security plan.
- Follow the Federal Trade Commission's Safeguards Rule.
- Focus on key areas such as employee management and training, information systems, and finding and managing system failures.
These items are required when writing and following a data security plan:
- Pick one or more employees to coordinate the information security program.
- Identify the risks to customer information.
- Evaluate the safety measures for controlling these risks.
- Design and implement a safeguards program.
- Select service providers that can maintain proper safety measures.
- Make sure the contract requires the provider to maintain safety measures and oversees their handling of customer information.
- Regularly monitor and test the program.
- Change the security program as needed. This should happen if any part is outdated, or when employees leave or join the company.
- Taxes-Security-Together Checklist
- Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology (PDF)
- Publication 5293, Data Security Resource Guide for Tax Professionals (PDF)