What the IRS is Doing About Data Securityby
As data breaches and fraudulent tax returns have become tougher to detect by states and the IRS, the agency is ratcheting up its focus on protecting client data and, moreover, tax preparers who are lax will be in violation of federal law.
The Financial Services Modernization Act of 1999, also known as Gramm-Leach-Bliley Act, gives the Federal Trade Commission (FTC) the authority to set data safeguard regulations for various financial entities, and that includes tax preparers. According to the FTC Safeguards Rule, tax preparers must create and implement security plans to protect client data. Failure to do so may result in an FTC investigation.
“Data security is now a necessity for every tax professional, whether a partner in a large firm or a sole practitioner and every Authorized IRS e-File Provider,” the IRS states in a recent notice, Safeguarding Taxpayer Data. “Every employee, both professional and administrative staff, should be educated about security threats and safeguards.”
The new effort also follows recent recommendations by the Electronic Tax Administration Advisory Committee, which noted that tax professionals face increasing risk of cyberattacks.
Not to put too fine a point on it, but the IRS notes that data breaches can bring a loss of reputation, business and money for tax preparers. Preparers are advised to consult with a cybersecurity professional or check with their professional liability insurer about data theft coverage.
“Identity thieves are technically sophisticated, helped by well-funded and tax-savvy criminal syndicates based here and abroad,” the IRS states.
Earlier this year, what the IRS describes as a “sophisticated cybercriminal gang” gained remote-control access to “numerous” practitioners’ computers to steal clients’ 2016 tax information. They then used the 2016 information to file 2017 tax returns that included taxpayers’ bank accounts for direct deposit.
The fraudsters then contacted the taxpayers to try to trick them into returning the bogus refunds. In some cases, the crooks had so much information that they could access clients’ bank accounts online and steal the refunds.
“In many cases, the tax professionals never even knew their client data was stolen,” the IRS states. Hence the escalating effort to ensure that tax preparers know and understand the gravity of the situation.
The IRS also recently released what could be called a one-stop shop of cybersecurity tips, “Protect Your Clients; Protect Yourself”: Data Security Resource Guide for Tax Professionals that pulls together links to various cybersafety tip sheets and also includes the above referenced safeguard precautions.
Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.