It depends on the context of this request.

Are you asking for permission to disclose the tax return information to the third party or is this something requested by the taxpayer?

Is this for a tax return already completed and signed or are you asking about how to obtain such authorization for returns that have not yet been completed?

More Info

And what third party?

As Dtlee stated in his post - depends

If Lender for refinance - do a search on the board - we just had a recent thread on that issue - which upsets all of "us" that the Lenders want us to cover their "backside" - The lender's have access with borrower's authorization to obtain tax returns filed.

I believe this is the latest thread http://www.thetaxbook.com/forums/sho...ghlight=lender

Sandy

Disclosure Authorization

Taxpayer (my client) emailed me asking me to send copies of his past 2 years returns to another person - for his credit application, I think.

My own policy is to simply give the new copy to the client and the client can give it to whomever they wish. Don't get involved in giving out copies of client tax returns to third parties. The client is perfectly capable of doing that themselves.

There is no specific form required by the IRS for this scenario.

I agree with jimmcg that you define the policy in this situation. Due diligence is required to avoid knowingly and recklessly disclosing information to others without prior client consent. Hence, it is easier if you just give the information to the client.

If you do decide to accommodate the client request, you need to be careful. If you mail out the returns, you could recklessly put the wrong label on the envelope. You also need to confirm (and document in your files how you did this) that this was a valid request from your client and not some form of identity theft. You should also somehow confirm any address they give you with the intended recipient (and again document how you did this) so that you don't simply rely on information from the client.

You could create a form based on the forms you use for §7216 disclosure, but they cannot be the same forms and do not require the specific IRS wording (like the part about it being optional and how to turn you in to TIGTA) since those are only valid for scenarios where you are requesting pemission to disclose client information. Also, you are not allowed to request permission like that once the return is complete and signed (clients are not bound by these rules and are allowed to make requests any time they feel like it...though it is you who needs to agree in those situations).

Having an actual §7216 disclosure form signed now for two prior year returns would seem to document that you have violated the requirements of §7216 and requested this permission after the returns were done and signed.

Email the copies to the client. Then he/she can be responsible for sending them on. But, the client needs to understand that the email is not secure and encrypted. (unless you can do that).

Mine also. I just say you have to come and get it and take it to the bank, lender, etc. They don't seem to question it unless they are out-of-state. In that case I can fax it to them. One time a client was at a bank and said I could fax it there. I made the person and my client promise me that my client would stand by the fax machine and it would go to his hands first. Do you think that would hold up in court? (Rhetorical).

This is my favorite way of doing it cause then the client can just forward it to whomever they please.

If email isn't possible....then this is exactly what I do...between the two, it pretty much covers 100% of the scenarios I get for requests.

Doug, my understanding is that it does not matter if client wants to disclose to third party or tax return preparer wants to send to third party. Any disclosing of tax return information requires the format set in 7216.

Only difference between client's request and tax return preparer's request is, that if tax return preparer wants to use and/or disclose he must get this form signed before starting the tax return.

Like other posters I will require the client to come in and pick up tax return or I will e-mail, password protected. I just learned that it is considered malpractice to e-mail sensitive information or the tax return and to not encrypt.

Thanks, Gretel,

I have heard this many times before and am interested in learning your reasoning. I will explain mine below.

I would agree that §7216 rules prohibit knowingly or recklessly disclosing or using tax return information. That was in place before the regulations governing these consent forms, but generally did not prevent preparers from complying with such requests.

Regarding the actual regulations, while you could read them to say that the same form is needed when a client requests a disclosure, the continuing theme in the regulations is that the tax preparer is requesting permission to disclose or use and the client is giving consent. For example, here are the timing rules:The sentiment is repeated in the IRS FAQ:Clearly, these timing rules do not apply to the client, but if we deem "consent" to not only include consenting to disclose at the initiation of the client, then these timing rules would indicate that you can never comply with a client's request to disclose information if you did not know that prior to completing the return.

In fact, many preparers do read that into the regulations.

Likewise, the preparer may not know the full reason why the taxpayer is requesting disclosure and would have to pry into the taxpayer's business to comply with including the following information:More reasons why many of us would not want to comply with an actual form compliant with §7216 and the regulations.

Regarding using the same form, I would dispute that especially for the paragraph that states, If a client is requesting that you perform the service of mailing a tax return, you are making that service contingent on their providing this consent. However, if you follow the requirements of the IRS for their consent rules and use the same form, you must include this paragraph.

If you read through the IRS procedures, the repeatedly give examples where "consent is sought" by the tax preparer as opposed to "disclosure is requested by the taxpayer." I spent a lot of time considering these anomalies and whether they were the only situations where these specific requirements apply or whether they were merely a small subset of the situations.

I contacted the Office of the Associate Chief Counsel with my concerns and documented these in a FAQ that they reviewed before I published it. That FAQ is here:



While I can understand from the apparent logical timing contradictions why some practitioners believe that clients cannot allow disclosure of any information that they did not request prior to signing the return, I have difficulty understaning your perspective.

I realize that the rules are complicated and poorly written regardless of what they actually mean, but the clear message I got form the Office of the Associate Chief Counsel was that they were trying to regulate preparer requests to allow disclosure, not client requests to do anything. Their attitude was that a client approaching you to mail a copy of a tax return is different from a client coming to you to prepare a tax return. They were trying to control what you could do as part of a tax preparation engagement as opposed to a file retrieval/copying/printing/mailing/faxing engagement. In the latter, a client could sign a dozen consent forms, but you are not obligated to comply with their request. In my opinion, client requests are not time limited as are preparer requests and the §7216 forms are invalid if used for a tax return that is already completed.

similar situation

Is there a specific form a client signs to allow the preparer (me) to speak to their former preparer and current preparer of their S-corp return? Prior to 2011 my clients were 50% owners in the S-corp, and are now the 100% owners. I'm trying to find out exactly what he is doing regarding payroll; what the clients are telling me doesn't seem kosher. And they are now my clients because I don't talk down to them like this guy does. They could also benefit greatly from setting up an accountable plan and other tax planning, plus I think they are located in one of the local enterprise zones and may qualify for hiring credits.

Ok, I'm babbling when I should be doing returns....

Gretel,

I have seen this posted many times and while I routinely password protect any client data attached to emails, I have never found the specific rule that states that not doing so would be malpractice. It is not in Circular 230 and not in the 7216 regulations. I did find it mentioned in publication 4557 and 4600, but not specifically stating that not doing so would be malpractice. It is more along the lines of a suggested practice under the heading, "The following checklist includes many activities that can be included in an information security program. It can help you put in place security procedures and controls to protect taxpayer information. It is important to consider all the safeguards that are applicable to your business."

Is that a state mandate in your state?.

Anyone?

Before people get on my case. I realize that not encrypting data could potentially be construed as being reckless in the the scenario where taxpayer information was inadvertently disclosed to a third party. As I understand it, the penalty for that is potentially a criminal charge, not malpractice. The risk of disclosure would also exist for sending a fax to the wrong party. The IRS sends and receives taxpayer information all day long via faxes.

MA forbids emailed tax information unless encrypted. Probably other states have followed.

Boy, am I out of my league here.

My understanding is that encrypted email is different from password protecting an attachment. Is Massachusetts really requiring us to send encrypted emails (a la Hushmail) or are they deeming it necessary just to encrypt and protect sensitive attachments.

After these posts I was looking at hushmail and pgp desktop and this looks like a major change in the way we do things. Looks like a learning curve for clients too.

Anyone familiar with this topic and using encrypted email services or products? Any recommendations for a product that is client friendly?

Product from symantic:


Information from wikipedia: