The Association for Main Street
Accountants and Tax Professionals.

Data Security Aids

Securing Your Company Data
is Essential . . . and Required

Renewing Your PTIN Now Requires a Data Security Plan
so MTAP has Developed the Aids to Help You Do it Correctly 

December, 2020 - Security is the most essential ingredient to your remote work system. In fact, if you have a Preparer Tax Identification Number (PTIN) through the Internal Revenue Service, a practice security system and plan are required whether or not you have a remote work system.
“Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.”

The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley (GLB) Act, gives the Federal Trade Commission authority to set information safeguard regulations for various entities, including professional tax return preparers. According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data. Failure to do so may result in an FTC investigation.

The IRS also may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.

The FTC-required information security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities and the sensitivity of the customer information it handles. According to the FTC, each company, as part of its plan, must:
  • designate one or more employees to coordinate its information security program;
  • identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
  • design and implement a safeguards program and regularly monitor and test it;
  • select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information;
  • and evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
The FTC says the requirements are designed to be flexible so that companies can implement safeguards appropriate to their own circumstances. The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operations.

Here are the essential links to help you
create a data security plan as required by the IRS:

IRS Publication 4557, Safeguarding Taxpayer Data, details critical security measures that all tax professionals should enact. The publication also includes information on how to comply with the FTC Safeguards Rule, including a checklist of items for a prospective data security plan. Tax professionals are asked to focus on key areas such as employee management and training; information systems; and detecting system failures.

Make a Plan for Protecting Data:

Steps for Creating a Data Breach Plan:

Operational Security Policies and Procedures:

More on Creating a Data Security Plan:

Here are some links to help you select or improve the data security and communication systems for your business:
The Best Security Systems for Your Business
Analysis of 8 practical security systems you should consider.

How to Maintain Security When Employees Work Remotely
A primer on using cloud storage and security systems to protect your data.

How to Secure Your Video Conferencing System from a Hacker
Securing Zoom, Microsoft Teams, Cisco-WebEx, Adobe Connect, GoToMeeting, and Slack Systems from hackers.

More Helpful Articles:

Setting up a Data Security Plan for Your Business
Basics on Data Protection for Your Business

NOTE: The following templates are in Microsoft Word format:

TEMPLATE: Office Data and Client Information Security Policy
TEMPLATE: Company Internet Usage Policy
TEMPLATE: Company Password Policy
TEMPLATE: Employee Computer and Email Usage Policy

Free Office Security Tools: 

MTAP P.O. Box 398 Bath, MI 48808-0398