Safeguards Rule

Post Date: 8/6/18
Last Updated: 8/6/18


Cross References

Tax professionals are included in the types of businesses that are required to comply with the Safeguards Rule. Under these rules, financial institutions are required to protect the consumer information they collect. Tax preparers are considered financial institutions for purposes of these rules. The IRS recently reminded the tax preparation community of the responsibility to safeguard client information, including the use of strong passwords, the use of antivirus software, firewalls, two-factor authentication, backup software/services, drive encryption, and data security plans.

Tax professionals are also required to develop a written information security plan that describes their program to protect customer information. The plan must be appropriate to the company's size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.

As part of this written plan, a tax professional must:
- Designate one or more employees to coordinate its information security program,
- Identify and assess the risks to customer information in each relevant area of the com- pany's operation, and evaluate the effectiveness of the current safeguards for controlling these risks,
- Design and implement a safeguards program, and regularly monitor and test it,
- Select service providers that can maintain appropriate safeguards, make sure contracts with these service providers requires them to maintain safeguards, and oversee their handling of customer information, and
- Evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business or operations, or the results of security testing and monitoring.

See printable version for remainder of article.
Return to Tax Industry News
© Tax Materials, Inc. 2021