Return to Tax and Company News
 

Post Date:  11/21/2016
Last Updated:  11/21/2016

Summary
Cross References
- FS-2016-23
- IR-2016-96
- IRS Pub. 4557, Safeguarding Taxpayer Data

With the fall tax seminar season in full swing, the number one topic discussed this year is identity theft. The sensitive client data held by tax professionals on their computers is attracting cybercriminals who are targeting the tax preparation community, using a variety of tactics in an attempt to steal the identity of taxpayers. Data breaches are increasing in number and scope, increasing the potential for stolen identity information to be used to file tax returns. Tax preparers play a critical role in protecting taxpayer data. What can tax preparers do? Data security includes all aspects of a tax preparer’s business. A tax preparer should review his or her administrative practices, facility protection, computer security, personnel & information systems. IRS Pub. 4557, Safeguarding Taxpayer Data, suggests the following procedures that tax preparers should implement to protect client data:
- Assure that taxpayer data, including data left on hardware and media, is never left unsecured.
- Securely dispose of taxpayer information.
- Require strong passwords (numbers, symbols, upper and lowercase) on all computers and tax software programs.
- Require periodic password changes every 60 to 90 days.
- Store taxpayer data in secure systems and encrypt information when transmitting across networks.
- Ensure that email being sent or received, that contains taxpayer data, is encrypted and secure.
- Make sure paper documents, computer disks, flash drives, and other media are kept in a secure location and restrict access to authorized users only.
- Use caution when allowing or granting remote access to internal networks containing sensitive data.
- Terminate access to taxpayer information for anyone who is no longer employed by the tax preparer’s business.
- Create security requirements for the tax preparer’s entire staff regarding computer information systems, paper records, and use of taxpayer data.
- Provide periodic training to update staff members on any changes and ensure compliance.
- Protect facilities from unauthorized access and potential dangers.
- Create a plan on required steps to notify taxpayers if there is any data breach or theft.
- Complete a risk assessment to identify risk and potential impacts of unauthorized
access.
- Write and follow an Information Security plan.
- Consider performing background checks and screen individuals before granting access to taxpayer information.

See printable version for remainder of article.

Print Version:  Click here for a printable version of this document.