Paid tax return preparers are required to have a written information security plan. Both the IRS and the Federal Trade Commission have a rule requiring specified types of businesses to have written security plans for their customers’ data. Tax preparers, credit reporting agencies, real estate appraisers, mortgage brokers, payday lenders, check-cashing businesses, and courier services are among the types of businesses that fit within the definition of “financial institution” under the Gramm-Leach Bliley Act and a the Safeguards Rule.
The Safeguards Rule also requires a designated coordinator for the information security plan and a written risk assessment covering employee management and training, information systems and dealing with system failures. The most difficult part of the Safeguards Rule is has to do with the requirements for management oversight over vendors and service providers. Contracts with service providers having access to customer data must require them to maintain safeguards over customer information.
We spent a lot of time and effort meeting the requirements of the Safeguards Rule. We can help your firm comply too. You can benefit from our expertise in putting together a custom information security plan that fits your business operation.
Mark S Gleason CPA