You could also text the password to the client, if they are familiar with the technology.

Personally, I can't think of a situation in which I'd email a tax return to a client without a password, even if they insist. Some risks just aren't worth taking, no matter how much of a hurry the client may be in.

Incidentally, I've had several clients insist that they can't open a password protected file, and I'd tell them to save it to their hard drive and then open it from there. Don't know why that works - I read it somewhere. Maybe someone on this forum can enlighten us.

Scanning and password

All of us give the client a copy of the tax return. They have a copy.

I get calls from client's wanting me to scan to them so they can forward to loan broker etc. I tell them they have a copy and should consider scanning it themselves.

They say they don't want to go to the trouble themselves and I should already have a scannable feature so just scan it.

I tell them it is not password protected so they should scan their own copy.

Client says they don't care, just scan it so they can get the loan or whatever.

I do as they say. I get a call from client telling me that I should have it password protected. Can't win.

That is why I am looking into a pdf Factory type software.

Faxing is considered more secure. Client's don't want fax. They want to do no handling whatsoever. Can't win.

Another quarter hour time down the drain.

But aren't we REQUIRED to password protect anything emailed with a SocSec number on it?
Regardless of what the client may want or demand?

Required?

Hmmm. I did not know that there is a requirement to password protect certain e-mails.

Is there a source for this requirement?

Bob

I know that there is some sort of regulation to only use the last four digits of SocSec in statements etc. Look at your bank or 401k statements. But I was not aware of a law that requires us to specifically password protect an e-mail. If there is such a law, I sure would like to know about it. In my general business e-mails, I don't use soc sec numbers at all and if I have to send a copy of a return as a pdf I will password protect it (unless taxpayer says not to encrypt it).

The Gramm–Leach–Bliley Act doesn't explicitly require password protection on email, but does require safeguards. I find it hard to imagine the safeguards section as not implying encryption for sending sensitive info over the net.

I can't think of any safeguards other than encryption when emailing.

Website portals

I've used secure portals, accessed through my website, for years now and clients have gotten used to them. I upload their tax return to a folder, arranged by year, in their personal portal. They log on and can open it up and print or download the .PFD to themselves. What they do with it after that is out of my hands and I like that.

I won't email any sensitive document.

The ancillary benefit is that clients get used to going to my website where they can find a lot of other helpful information.

I've also just started using another secure method that anyone, including clients, can use to send me sensitive information without having to create a portal account. Let's say an investment adviser wants to "email" me client information or documents. I direct that person to my website's "SecureSend" and they enter their email address, message, and a document(s). The third party did it on the fly, in a few seconds, but it gets routed through the secure portal system and I'm notified of the message.

I'm going to encourage clients to start emailing me "sensitive messages" through this system even if there are no attachments. It will make sure that sensitive information, along with sensitive documents, are transferred securely to me rather than have them go through email.

Sending Soc Sec numbers

Perhaps, but several years ago I started masking the SSNs (akin to what you now get on most Forms 1099) on ALL client copies, whether paper or electronic.

At least that problem is solved!

FE

Nothing in the cloud is completely secure. If the company holding the file on their servers can access the file, you really shouldn't consider it secure at all even if encrypted. Edward Snowden has shown that companies have back door entrances to your files, the government has access to those routes and often times they have the ability to eliminate all encyption completely. If the government can do it, a hacker can do it.

My goal is to take steps to make things as secure as I reasonably can. Beyond that, what will be, will be.

Drake has an encryption feature built into the print window when you create a pdf. I have had a problem when emailing an encyrypted file to someone at work that is behind a fire walled server. The fire wall is often set to not allow any encrypted file through.