Written data security plan for tax preparers

    Written data security plan for tax preparers

    Anyone have a source for a written plan for a single-person office?
    Thanks

    #2
    Try this: https://doi.org/10.6028/NIST.IR.7621r1

    This is an excellent document IMO and if you read it, you will be ahead of most.

    There is an appendix with a "sample", but you will still have to do some work on it. Frankly, I think the concept of a written plan for a solo practitioner is kind of ridiculous -- who is going to hold you accountable for following it? I fully endorse and practice following good security practices, but taking the time to write down a bunch of cliche statements that in and of themselves do not guarantee any security is a waste of time. For example, do I really need to write down "do not share passwords" in order to not actually share any passwords? Does writing it down mean that I won't actually share any passwords?

    Or put another way, what is the benefit of having a written plan? Does it avoid being sued for damages by a client? Does it keep you out of jail? (Again, I think with employees it is a whole other matter, and evidence that employees were instructed and trained is crucial for protection).
    Last edited by Rapid Robert; 07-17-2019, 07:31 PM.


      #3

      In response to the above reply post's questions in the last paragraph, it should be noted why a written plan is not only necessary but is the law:

      IR-2018-175, Aug. 28, 2018:

      According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data. Failure to do so may result in an FTC investigation. The IRS also may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.


      See the FTC rule:

      https://www.ftc.gov/tips-advice/busi...tion-complying

      You will find suggestions for developing a plan.


      Always cite your source for support to defend your opinion


        #4
        Originally posted by TAXNJ
        In response to the above reply post's questions in the last paragraph, it should be noted why a written plan is not only necessary but is the law:
        Yes, that is a response, but does not answer the questions. None of the information you posted is new or a surprise to me; trust me, when the FTC puts me at the top of their prosecutorial priority list and asks for my written plan, I'll turn something over to them, no matter how plagiarized or meaningless it actually is. The reason I'm so cavalier is because implementing security, which I do, is far, far more important than writing a bunch of cliches about it on paper. And I am confident that with no employees or contract workers, the only person who has to know and implement my plan is me.

        To elaborate on one of my questions: suppose you have a written plan that meets all the requirements, but you still suffer a data breach, perhaps because your plan didn't address the precise situation, or maybe someone failed to follow the plan. How does having the written plan protect you in this case? Are you off the hook completely? If so, then yes, I agree it might be worth it to create one.

        It's like going on a diet. What is more important: actually changing the types and quantities of food you consume, or having a diet book sitting on your shelf? The law that requires a written plan is stupid, it would be far better to require continuing education, similar to ethics. And in the unlikely event I am actually charged with a crime for not having a written plan, I'll just do what illegal taxpayers (those who don't pay the full amount of tax they owe on time) do all the time: hire an expert to get me off.
        Last edited by Rapid Robert; 07-18-2019, 08:31 AM.


          #5
          Thanks for your reply, Robert, and I couldn't agree more that it is a waste of time to write a plan for my office, but as TAXNJ said, it is the law now.


            #6
            Originally posted by Rapid Robert
            Yes, that is a response, but does not answer the questions. None of the information you posted is new or a surprise to me; trust me, when the FTC puts me at the top of their prosecutorial priority list and asks for my written plan, I'll turn something over to them, no matter how plagiarized or meaningless it actually is. The reason I'm so cavalier is because implementing security, which I do, is far, far more important than writing a bunch of cliches about it on paper. And I am confident that with no employees or contract workers, the only person who has to know and implement my plan is me.

            To elaborate on one of my questions: suppose you have a written plan that meets all the requirements, but you still suffer a data breach, perhaps because your plan didn't address the precise situation, or maybe someone failed to follow the plan. How does having the written plan protect you in this case? Are you off the hook completely? If so, then yes, I agree it might be worth it to create one.

            It's like going on a diet. What is more important: actually changing the types and quantities of food you consume, or having a diet book sitting on your shelf? The law that requires a written plan is stupid, it would be far better to require continuing education, similar to ethics. And in the unlikely event I am actually charged with a crime for not having a written plan, I'll just do what illegal taxpayers (those who don't pay the full amount of tax they owe on time) do all the time: hire an expert to get me off.
            Just replying to the Original Poster. Great country where one can make their own decision so it's up to the Original Poster for their decision. The Original Poster asked for a source for a plan only and not a dissertation of your views.

            No one is telling you that you have to follow something you don't want to follow. Your extensive positive response is good for you but very overwhelming to read. Think reading the IRS code would be more of an interesting read and better use of time than your reply post.
            Last edited by TAXNJ; 07-18-2019, 05:07 PM.

              #7
              Originally posted by TAXNJ
              The Original Poster asked for a source for a plan only and not a dissertation of your views.
              The Original Poster also did not ask for your advice on what other replies are worth reading or not, I'm sure he can make up his own mind. And FWIW, I did in fact respond to the poster with a helpful link to information about creating a plan.

              See ya in the next thread I feel like replying to!
