Have you locked down your computer? While a chain and padlock may not be practical, if you’re a tax professional, the IRS does want you to practice safe computing. What if you have been, but your data was breached anyway?
In an email sent this week, the IRS explained what steps tax professionals need to take if a data breach occurs. The IRS provides a preliminary checklist of steps to take.
Also useful are Publication 4557, Safeguarding Taxpayer Data, and Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns.
You probably already know you’ll need to contact your local stakeholder liaison with the IRS (contact list here), as well as your local police.
Do you know which of the following you may also need to notify?
State attorney general for each state in which you prepare tax returns
Federal Trade Commission
Note: Taxing Lessons provides a summarized version of sometimes lengthy court decisions and IRS documents. The full documentation may include facts and issues not presented here. Please use the link provided in the post to read the entire document.
This information should not be considered legal, investment, or tax advice. Taxing Lessons and Top Drawer Ink Corp. do not provide legal, investment, or tax advice. Always consult your legal, investment, and/or tax advisor regarding your personal situation.
Per the IRS, most states require that the attorney general be notified of data breaches. The notification process may involve multiple offices.
Tax professionals are not required to contact the FTC. Note that those subject to the Gramm-Leach-Bliley Act must follow the FTC’s Financial Privacy and Safeguard Rules.
Most states have legislation requiring notification of security breaches involving personal information. You may need to write individual letters to victims.
According to the FTC, if names and social security numbers have been stolen, contact the major credit bureaus for additional information or advice. If the compromise may involve a large group of people, advise the credit bureaus if you are recommending that people request fraud alerts and credit freezes for their files.