Monday, September 26, 2016

Protect Yourself and Your Clients Information

IRS has been stressing protecting taxpayer’s information, including asking tax professionals to have procedures designed to help protect the information.  In October 2015, IRS released Publication 4557, Safeguarding Taxpayer Data, A Guide for Your Business.  This publication is trying to provide suggestions for all professionals who deal with taxpayers’ data.  Although the text of this publication is 18 pages and sounds too long to read quickly, the large print, many charts, and many graphics actually leave us with only a few pages of information and they make an easy read.

The information in this publication is not the law but nevertheless the publication gives excellent suggestions for all businesses that deal with taxpayers’ data.  Here are some of items mentioned.

Some “security controls” are obvious and others are not so obvious.  Some mentioned in the publication include:

  1. Locking doors to restrict access to paper or electronic files,
  2. Requiring passwords to restrict to access to computer files,
  3. Encrypting electronically stored taxpayer data,
  4. Keeping a backup of electronic data for recovery purposes,
  5. Shedding paper containing taxpayer information before throwing it in the trash,
  6. Do not email unencrypted sensitive personal information.

Some “critical steps” mentioned include:

  1. Assure that taxpayer data, including data left on hardware and media, is never left unsecured,
  2. Require strong passwords (numbers, symbols, upper & lower case letters) on all computers and tax software programs and require periodic password changes every 60-90 days,
  3. Store taxpayer data in secure systems and encrypt information when transmitting across networks,
  4. Ensure that email being sent or received, that contains taxpayer data, is encrypted and secure,
  5. Make sure paper documents, computer disks, flash drives and other media are kept in secure location and restrict access to authorized users only,
  6. Create security requirements for your entire staff regarding computer information systems, paper records, and use of taxpayer data,
  7. Provide periodic training to update staff members on any changes and ensure compliance,
  8. Protect your facilities from unauthorized access and potential dangers,
  9. Create a plan on required steps to notify taxpayer should you be the victim of any data breach or theft,

The publication also has Checklists for:

  1. Administrative Activities,
  2. Facilities Security,
  3. Personnel Security,
  4. Information Systems Security,
  5. Computer Systems Security,
  6. Media Security,
  7. Certifying Information Systems for Use

These items are just highlights of the publication.  The publication also refers you to many other publications and sources for information.

This text has been shared with you courtesy of David & Mary Mellem, EAs & Ashwaubenon Tax Professionals.

@2016 Ashwaubenon Tax Professionals.  No reproduction of this article is permitted without the express written consent of Ashwaubenon Tax Professionals, 2140 Holmgren Way, Suite 1040, Green Bay, WI  54304, 920-496-1065.

No comments:

Post a Comment