Cybercriminals are familiar with tax practices and the depth of confidential client data available for the taking — data these thieves want to use to commit financial and tax-related crimes. As a tax professional, you must safeguard your clients’ data. Laws and professional responsibilities, such as those listed below, bind you to a high standard of quality control to be certain data is kept safe.
Gramm-Leach-Bliley Act (GLBA): According to the Federal Trade Commission (FTC) safeguards rule, tax preparers must implement security plans to protect client data. Failure to do so may result in an FTC investigation. Learn how to comply with these rules and read more guidance on data security in IRS Publication 4557, Safeguarding Taxpayer Data. Note that the safeguards rule contained in the Gramm-Leach-Bliley Act was amended in December 2021; the amendments apply beginning June 9, 2023.
Sec. 7216, Disclosure or Use of Information by Preparers of Returns: This criminal provision in the Internal Revenue Code prohibits preparers from knowingly or recklessly disclosing or using tax return information. See the AICPA’s Sec. 7216 guidance and the IRS’s Sec. 7216 frequently asked questions (FAQs) to help you comply.
Treasury Department Circular No. 230, Regulations Governing Practice before the IRS: These rules impose an obligation on practitioners to exercise due diligence in preparing returns or other documents related to a federal tax matter. A violation may subject a practitioner to sanctions, including censure, suspension or disbarment from practice before the IRS. See the AICPA’s guidance on Circular 230.
AICPA Code of Professional Conduct: As a member of the AICPA, you have responsibilities to the public, clients and colleagues, including responsibilities to keep client information confidential and secure. Access the full Code of Professional Conduct.
AICPA Statements on Standards for Tax Services (SSTSs): This guidance delineates members' responsibilities to taxpayers, the public, the government and the tax profession. Access the complete set of SSTSs, interpretations and FAQs.
Other requirements: Depending on your situation, you may need to adhere to other privacy requirements. See the AICPA’s information security and privacy guidance.
Related tools and resources
GLBA Information Security Plan Template: Download and customize this template to help you comply with the safeguards rule and protect your clients’ personal information (updated for the recently updated requirements).
How the FTC Safeguards Rule may affect your CPA firm, Journal of Accountancy, Feb. 1, 2023
Practitioners need a written information security plan, The Tax Adviser, Jan. 1, 2020
Privacy Management Framework: This guide helps you learn how to establish and operate a comprehensive information privacy program that addresses privacy obligations and risks while facilitating current and future business opportunities.
Sample Sec. 7216 Consent Forms: These template letters can be used whenever you need to obtain written consent to use or disclose client information to a third party.
Tax Identity Theft Toolkit: This resource page contains tools and guidance to help you combat tax-related identity theft and advise clients.
Tax Practice Quality Control Guide and Template: This guide provides information on why quality control is needed and what each element of quality control entails. Tax practices of all sizes can use this Word template to fashion their own written quality control system.
Visit our Cybersecurity Resource Center to access additional tools and learn how cyberattacks are impacting other aspects of the accounting profession.