ASK THE EDD ATTORNEY – TAX PROFESSIONALS – WHAT WOULD YOU DO IF YOUR CLIENT INFORMATION SYSTEM OR DATA WAS BREACHED? PART 2
By Robert S. Schriebman
This is part 2 of a two-part series alerting tax professionals to increasing fraud activity during this year’s tax filing season.
I recently attended a tax controversy symposium. I attend the same symposium every year with the usual topics devoted to tax fraud, recently developments within the IRS, and lectures on audits and collections. The 2017 symposium was a bit different in that we were all treated to a lecture by representatives of the IRS identity theft unit. They asked the audience several questions about what they had in place to protect them from hacking and identity theft. Very few members of the audience had even the basic safeguards in place. The IRS representatives made it very clear that it was not a matter of “if,” but “when,” a security breach will occur in their practice.
On the speakers’ panel were partners of a local CPA firm that experienced identity theft. Believe me when I tell you that their experience was hell on earth. They passed their knowledge onto the audience. In addition to contacting their insurance company, they also followed the steps set forth in a recent IRS publication I will now discuss.
IRS Publication 5280 (5-2017)
This IRS publication 5280 is unique in that it is a small plastic card about the size of credit card that gives the tax professional guidance on where to report security breaches and where to get assistance. I took several of these cards and gave them to my CPA contacts. I believe you will benefit by the information set forth in this small but important publication.
Publication 5280 starts by admonishing tax return preparers to establish a security plan and makes reference to IRS Publication 4557, “Safeguarding Taxpayer Data.”
IRS Publication 5280 provides several contacts that you should know and make into a checklist, as follows:
- Insurance Company – check with your insurance carrier to determine if you have coverage for security breach incidents. Don’t wait until you have exposure. Check out your policy now!
- Internal Revenue Service – The IRS has local Stakeholder Liaisons. This individual should be contacted immediately upon any security breach. The IRS publishes a telephone directory for practitioners setting forth nation-wide contact information for the Small Business Self-Employed Stakeholder Liaison Division. You can find your local liaison on IRS.gov, keyword search: ‘Stakeholder Liaison.
- Federal Bureau of Investigation (FBI) – your local office
- Local Police – file a police report.
- State Tax Agencies – Email the Federation of Tax Administrators at [email protected]
- State Attorneys General – Most states require that the attorney general be notified of data breaches.
I am deeply concerned about potential security breaches within my own practice as well as other small firm practitioners. Listening to the representatives from the IRS who spoke at the tax controversy symposium, I came away with the conclusion that these security breaches may occur in email transmissions. These days it seems to be more efficient and cost effective to send sensitive and confidential communications and documentation via email. Most information and documentation sent electronically has the risk of being hacked without your knowledge. I believe that the best way to prevent this type of security breach is to have your client send you documentation and information the old fashioned way by U.S. Mail, FedEx, etc. Even a FAX transmission may be a whole lot safer than an email transmission.
Robert Schriebman has a successful practice in the Rolling Hills Estates area of Los Angeles County serving clients throughout California and the United States. He has successfully dedicated more than 40 years to helping individual taxpayers, business owners, CPAs, Enrolled Agents, and tax attorneys navigate the complicated tax systems of the federal and state governments.
Robert Schriebman has written the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House in addition to the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Web Site Article 306