ASK THE CALIFORNIA EMPLOYMENT TAX AND PAYROLL TAX ATTORNEY – PROFESSIONAL TAX PREPARERS MUST HAVE A WRITTEN INFORMATION SECURITY PLAN TO PROTECT THEIR CLIENT’S DATA
By Robert S. Schriebman
The IRS has released a new bulletin informing professional tax return preparers that pursuant to federal law they must have in place a written information security plan to protect clients against identity theft. Many in the tax professional community do not realize this. New press release IR-2019-131 sets forth guidelines that are part of a series of long-standing federal rules.
Here is the story.
The Financial Services Modernization Act of 1999
This act is also known as the Gramm-Leach-Bliley (GLB Act). The Federal Trade Commission has authority to regulate professional tax return preparers. According to the Act, professional tax preparers must create and put in place written security plans to protect client data. Violations of the rule may also be a violation of IRS Revenue Procedure 2007-40 which sets the rules for tax professionals participating as Authorized IRS e-file Providers.
What Must The Written Plan Contain?
The plan must be appropriate to the company’s size and the nature and scope of its activities. The following is taken directly from IR-2019-131:
- “Designate one or more employees to coordinate its information security program;
- Identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
- Design and implement a safeguards program and regularly monitor and test it;
- Select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information;
- Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or results of security testing and monitoring.”
These rules require professional tax return preparers to assess and address client risks in all areas of their operation. The IRS also recommends that professional tax return preparers obtain and read IRS Publication 4557, Safeguarding Taxpayer Data.
There Are Additional Rules and Publications You Should Know
Here are a few IRS publications and Internal Revenue Code Provisions you should also review.
- IRS Publication 3112 – IRS e-File Application and Participation: tax return preparers must be diligent in recognizing fraud and abuse. Prevent it whenever possible and report it to the IRS through IRS Stakeholder Liaison.
- IRC § 7216: this section imposes criminal penalties against tax return preparers who knowingly or recklessly make unauthorized disclosures or abuse information furnished to them in connection with the preparation of income tax returns.
- IRC § 6713: this section imposes monetary penalties for abuses set forth in IRC § 7216.
- IRS Revenue Procedure 2007-40: this Rev. Proc. provides guidance for the establishment of security systems designed to protect client information. It also specifies violations of the GLB Act (described above). Violations of IRC § 6713 and 7216 are considered violations of this Rev. Proc. There are penalties and sanctions set forth in this Rev. Proc.
The IRS and its Security Summit Partners will be issuing information releases and other announcements during the remainder of 2019. Quoting IRS Commissioner Chuck Rettig, “Protecting taxpayer data is not only good business practice, it’s the law for professional tax preparers. Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.” Please see Article 391 for the first in the series of new IRS releases.
Robert Schriebman has a successful practice in the Rolling Hills Estates area of Los Angeles County serving clients throughout California and the United States. He has successfully dedicated more than 40 years to helping individual taxpayers, business owners, CPAs, Enrolled Agents, and tax attorneys navigate the complicated tax systems of the federal and state governments. Mr. Schriebman is in private practice. He is not affiliated in any way with the EDD and he is not employed by the EDD or any other agency of the State of California.
Robert Schriebman has written the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House in addition to the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Web Site Article 395