Cybercrime is problem tax professionals must face on a daily basis. Tens of thousands of taxpayers are at risk of identity theft due to information stolen by cyber criminals from tax professionals. In an effort to reduce this risk, the Internal Revenue Service (IRS) recently reminded tax professionals to promptly report data theft to the agency. The agency states if it receives notification in a timely manner it can help to stop fraudulent tax returns and better protect the client’s information.
The agency also encouraged tax professionals to review their security protocol and make changes as needed to better protect clients’ personal information. The key to increased client security, the IRS claims, is a “Taxes-Security-Together” checklist.
The first step to create this checklist involves a data theft recovery plan. This plan should be discussed so all professionals within your practice are prepared with a proactive response to any potential security breach. The plan should generally begin with contacting the IRS to report any data theft. In some cases, it is also wise to report the incident to the Federal Bureau of Investigation (FBI) and Secret Service. Next, notify state agencies. Also, contact the client. Send a letter to inform the client of the breach and explain how the practice is working with law enforcement to resolve the matter.
Having a data security plan is more than just a good business practice, it is often a legal requirement. The Federal Trade Commission (FTC) generally requires tax professionals have a written data security plan. The FTC specifically includes “tax professionals” within its definition of those who must comply with the Safeguards Rule. This rule requires these practices have measures in place to keep private customer information secure. A failure to abide by these and other rules can result in scrutiny and possible penalties from the IRS and other federal agencies.