Federal Law Establishes Information Security Requirements for Tax Preparers

Paying taxes involves disclosing a vast amount of personal information about oneself, one’s family, and one’s business to the IRS. If you seek the assistance of an accountant or other tax preparer, your personal information makes an additional stopover on its way to the government. Unfortunately, the wealth of information included in tax returns is incalculably valuable to identity thieves and other scammers. As a result, federal law closely protects the privacy of taxpayer information. This protection relies on extensive security measures by both the government and the businesses that handle taxpayers’ returns. Our Los Angeles tax advisors want to take this opportunity to explain the scope of your protections.

Privacy of Taxpayer Information

Section 6103 of the Internal Revenue Code (IRC) establishes that the information in taxpayers’ returns is confidential. The IRS may not disclose taxpayer information to anyone without the taxpayer’s written consent, unless disclosure to other tax officials or law enforcement is specifically required by law.

Federal law holds the IRS to a high standard of accountability in this matter. An IRS employee or other person who accesses confidential taxpayer information in violation of § 6103 commits a criminal offense punishable by up to one year in prison and a fine of up to $1,000. The taxpayer whose information is accessed without authorization may bring a civil suit against the U.S. government for the greater of either $1,000 per violation, or the actual damages they suffered plus, in the event of a willful or grossly negligent violation, punitive damages.

Federal Law Governing Tax Preparers

The Financial Services Modernization Act of 1999, commonly known as the Gramm-Leach-Bliley Act (GLBA), significantly overhauled federal regulation of banks and other financial institutions. The deregulatory aspects of the bill, according to many critics, paved the way to the 2007 subprime mortgage crisis and the broader financial crisis. Other parts of the bill created security requirements for financial institutions intended to protect consumers’ privacy.

The GLBA created the Safeguards Rule, which is codified at 15 U.S.C. §§ 6801-6809, to protect consumers’ “nonpublic personal information.” It applies to “financial institutions,” which includes “accountant[s] or other tax preparation service[s],” based on a very broad definition found in 12 U.S.C. § 1843(k)(4)(G) and 16 C.F.R. §§ 313.3(k)(2)(viii) and 314.2(a). Financial institutions have “an affirmative and continuing obligation” to protect their customers’ privacy. The Federal Trade Commission (FTC) and other agencies are empowered to enforce this obligation.

The FTC established the Safeguards Rule in 16 C.F.R. Part 314. It requires tax preparers and other financial institutions to develop and implement “a comprehensive information security program.” Each program should include the following elements:
– One or more employees specifically responsible for coordinating the program;
– A risk assessment that evaluates how employee issues, information systems, and possible security breaches could compromise customer information;
– Creation and implementation of “information safeguards” based on the earlier risk assessment;
– Oversight of third-party service providers with access to customer information; and
– Periodic review of the program, followed by necessary modifications.

IRS Recommendations

The IRS issued a set of recommendations for tax preparers in July 2019 entitled the “Taxes-Security-Together” Checklist. It consists of six items, or the “Security Six”: antivirus software, firewalls, two-factor authentication, backup software, encryption of memory drives, and use of a virtual private network (VPN).

If you need a solution for a tax issue in California, the tax advisors at Enterprise Consultants Group are available to help. Please contact us online or at (800) 575-9284 today to schedule a consultation to see how we can help you.

Contact Information