Written Security Plan Requirement For Tax Preparers
The federal government requires tax preparers to maintain a written security plan relating to mitigating ID theft risks and protecting clients. Specific regulations for tax and accounting firms of varying sizes can be found below.
In IR-2020-184, the IRS brought to the attention of tax preparers that Federal law administered by the Federal Trade Commission (FTC) requires all professional tax preparers to create and maintain a written information security plan that is appropriate to the firm’s size and complexity. According to the FTC, the plan must:
-
Designate one or more employees to coordinate its information security program;
-
Identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
-
Design and implement a safeguards program and regularly monitor and test it;
-
Select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
-
Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
IRS Publication 4557, Safeguarding Taxpayer Data (PDF), details critical security measures that all tax professionals should enact. Moreover, the IRS may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.