Announcement

Collapse
No announcement yet.

hard drive stolen

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    hard drive stolen

    If your hard drive is stolen with a loss of all client data how should I word the email to clients telling them of this.
    Any suggestions?
    Have any of the CPE providers gone into this topic.
    I just want to be sure I say the right thing the right way.

    #2
    YIKES! Hope you had a password on the tax program. Google a sample letter for ID theft. Did you make a police report? Will your business insurance cover any client claims?
    I would also ask the IRS ID theft investigations division if they have any suggestions or want any info from you.
    Believe nothing you have not personally researched and verified.

    Comment


      #3
      I found that in most states have a law requiring reporting of security breaches

      California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (You can read the law here: California Civil Code s. 1798.29(a) for state agencies and California Civ. Code s. 1798.82(a) for businesses).

      The law also requires that a sample copy of a breach notice sent to more than 500 California residents must be provided to the California Attorney General. Below is a list of those sample breach notices. (Note that in some cases the organization that sent the notice is not the one that experienced the breach. For example, a bank may notify of a credit card number breach that occurred not at the bank, but at a merchant.)

      Comment


        #4
        I have to offer at no cost "appropriate identity theft prevention and mitigation"

        “If the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed personal information defined in subparagraphs (A) and (B) of paragraph (1) of subdivision (h).” (emphasis added).

        I just found this in a google search for "California data breach notification law".
        Does anyone have a suggestion on how to offer this to my clients?

        Comment


          #5
          This is terrible? Please speak to your E&O carrier and/or attorney before you start notifying your clients. You may want to offer all the support to your clients but you also want to make sure you don't step on a legal minefield!
          Taxes after all are the dues that we pay for the privileges of membership in an organized society. - FDR

          Comment


            #6
            The IRS has a webinar with Dave Lyons, CPA, the first tax firm in CT to have a cyber breach. File a police report, help your clients prepare Forms 14039, contact SSA, FTC, IRS (who now has a cyber breach point office). You contact your IT person, your attorney experienced in cyber breaches, a good PR firm, attorneys general in every state in which you file tax returns, your E&O insurer where you hopefully have a cyber breach rider, and with all that advice write a letter to your clients. $250,000 cyber breach insurance is recommended. The lawyers are expensive, and the credit monitoring for everyone on every tax return (spouses, dependents, partners, shareholders, payroll, etc.) is expensive. Dave Lyons found AICPA helpful. Cooperate with all the government agencies, because they have the authority to swoop in unannounced to seize your back-ups, computers, etc.!

            Comment

            Working...
            X