Reprinted with permission.
Credit: Bob Jennings, CPA – TaxSpeaker.com
The last several weeks have seen identity theft and security issues become bigger news than politics and North Korea. The hacking of Equifax, combined with the fines assessed on TaxSlayer for failing to comply with privacy protection laws and the IRS’ new focus on tax preparer office security risks has led us to provide a whole new level of security guidance for this fall’s 1040 classes.
In August, TaxSlayer LLC became the first tax preparation service to face charges of violating the law, according to the Federal Trade Commission. The Gramm-Leach-Bliley (GLB) Privacy Act of 1999 requires companies to inform customers about their privacy policies and practices with an initial and annual notice, while the safeguard rule mandates that companies have measures to secure customer data. The FTC also noted that TaxSlayer didn’t have a written information security program, failed to conduct the necessary risk assessment, and failed to implement the safeguards to control those risks—specifically, the risk that hackers would use the stolen credentials. It failed to provide a “clear and conspicuous initial privacy notice” and to “deliver the initial privacy notice so that each customer could reasonably be expected to receive the actual notice.”
GLB requires that tax professionals protect client’s information, which is:
- Any information an individual gives you regarding name, address, SSN or other information on any form, organizer or checklist,
- Any information you get about an individual from a transaction involving your financial product(s) or service(s) (for example, the fact that an individual is your consumer or customer, account numbers, loan balances, and direct deposit or banking information); or
- Any information you get about an individual in connection with providing a financial product or service (for example, information from court records or from a consumer report).
In other words, all client data must be secured at all times, and may only be disclosed or accessed with client permission and clear client identification and written disclosure requirements.
According to the FTC, the GLBA Safeguards Rule requires organizations to develop a written information security plan that describes how they protect client information. The plan must be appropriate to the firm’s size and complexity, the nature and scope of its activities, and the sensitivity of the client information it handles.
What to Expect from OSPA sponsored TaxSpeaker 2017 Fall 1040 classes on Security and other topics:
First, we have added an entire new chapter on security, which includes a GLB compliant written security plan for your in-office use. The chapter will include discussion and specific recommendations for software, hardware, policies and systems to address this frightening new operational issue;
Second, we have included our special 3-page checklist guide for securing your office in the 1040 course’s new security chapter;
Third, we have continued last year’s popular special focus topics. This year the topics are: Amended tax returns & NOL’s-with completed examples; small business retirement plans; Divorce related tax issues; and the Final 1040 at death;
Fourth, we have continued our 30-page “What’s New” chapter at the beginning of the manual which includes our popular discussion of every pertinent court case, new laws, expiring laws and IRS actions in 2017 that will affect your office, and yes, they are hyperlinked to the Tax Book online web research if you use Code 770 when you buy it;
Fifth, we will once again reward attendees at our live 1040 in-depth classes with a special, live-class only deal. Our USB “Elections, Checklists & Letters” manual (updated across the board in 2017) normally sells for $129. For buyers at live classes only, it will be priced at $99 and include a full 2-day recorded video of the 1040 In Depth course! Most cities and societies will be offering this for sale on the seminar dates only;
Sixth, all live 1040 class registrants will once again receive 1 free copy of our laminated, Quick-reference “Fingertip Facts” guide, as well as the full printed manual and the full E-Book electronic manual;
Seventh, all 2-day 1040 classes will still include the free 2-hour ethics course.