Chapter 3: IRS and FTC Data Security Rules

Presentation transcript:

Chapter 3: IRS and FTC Data Security Rules (pages 31-45)

What's the State of Affairs (page 31)

- We have never had a data loss or breach
- We're too small to be of interest to hackers
- Our email is already secure enough
- We have antivirus software
- If we implement security our clients will leave
- We have a disclaimer on our emails
- We are insured so it doesn't matter
- We think the problem is overstated
- We don't want to spend the money
- We're not certain what to do

What Is an Accountant's Exposure (pages 31-32)

Failure is not an option:

- Claims for damages from clients
- Forensic services, PR expense, lost business
- Civil and criminal enforcement proceedings
- Four dozen federal statutes and regulations cover security
- FTC Safeguards Rule, Privacy Rule, Security Rule
- Legal costs to defend
- Security breach notification laws in 46 states
- Reputation damages

The FTC Safeguards Rule (pages 32-33)

The price of failure:

- Unlimited liability from clients
- FTC fines of up to $50K per incident
- State regulators notified
- Malpractice insurance voided

"As part of the settlement with the FTC, the company is prohibited from violating the Privacy Rule and the Safeguards Rule of the Gramm-Leach-Bliley Act for 20 years. Consistent with several past cases involving violations of Gramm-Leach-Bliley Act Rules, the company is required for 10 years to obtain biennial third-party assessments of its compliance with these rules."

FTC Safeguards Rule (pages 32-33)

- Written policy
- Someone in charge
- Identify risks and evaluate the program
- Do something about it!
- Watch your service providers
- Adjust to circumstances

How many accountants can say they are compliant? The risk: suffer a breach and live under a microscope.

A Safeguards Program (pages 33-34)

A safeguards program is more than antivirus and locks on the door.

Employee management and training:

- Selection
- Confidentiality agreement
- Controlled access / locking file rooms / clean desk
- Screen savers
- Protection of assets (laptops, USB drives, etc.)
- Training
- Protocol for dismissed employees

A Safeguards Program (page 35)

Information systems:

- Know where sensitive customer information is stored and store it securely.
- Make sure only authorized employees have access.
- Take steps to ensure the secure transmission of customer information.
- Dispose of customer information in a secure way and, where applicable, consistent with the FTC's Disposal Rule.
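The first two information-systems items (know where client data is stored, and make sure only authorized people can read it) are the ones a firm can partly check by machine. The script below is an added example, not part of the presentation or of any IRS or FTC publication: it walks a directory tree, counts formatted Social Security numbers in each file (filtering out area/group/serial values the SSA never issues, to reduce false positives), and flags any file holding SSNs whose Unix permission bits make it readable by every user on the system. The sample directory and its contents are constructed inside the script so it runs offline; the pattern, the size cap and the function names are this example's own assumptions.

```python
"""Inventory files that appear to hold client SSNs and check their permissions.

Hypothetical helper for the "know where sensitive customer information is
stored / only authorized employees have access" items. Not part of the IRS or
FTC publications; the SSN pattern and sample data are this example's own.
"""
import os
import re
import stat
import tempfile

# Formatted US SSN (ddd-dd-dddd); each hit is post-filtered by is_valid_ssn().
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues (area 000, 666, 900-999;
    group 00; serial 0000) so that obvious non-SSNs are not counted."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def count_ssns(text: str) -> int:
    """Number of plausible SSNs in a block of text."""
    return sum(1 for m in SSN_RE.finditer(text) if is_valid_ssn(*m.groups()))


def is_world_readable(path: str) -> bool:
    """True when the 'other' read bit is set (any local user can read it)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def inventory(root: str, max_bytes: int = 1_000_000) -> list:
    """Walk `root` and return one record per file that contains an SSN."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap so huge files cannot stall the sweep
            except OSError:
                continue  # unreadable file: skip rather than abort the whole inventory
            n = count_ssns(data.decode("utf-8", errors="replace"))
            if n:
                findings.append({
                    "path": os.path.relpath(path, root),
                    "ssn_count": n,
                    "world_readable": is_world_readable(path),
                })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree() -> str:
    """Create a constructed sample client-file tree in a temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="safeguards_demo_")
    os.makedirs(os.path.join(root, "clients", "2016"))
    samples = {  # constructed sample content, not real taxpayer data
        "clients/2016/smith_1040.txt": "Taxpayer SSN: 123-45-6789\nSpouse: 234-56-7890\n",
        "clients/2016/notes.txt": "Meeting notes, no identifiers here.\n",
        "clients/bad_format.txt": "Never-issued values: 000-12-3456 666-01-0001 123-00-1234\n",
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(content)
    # One return left world-readable (the finding), one locked to its owner.
    os.chmod(os.path.join(root, "clients/2016/smith_1040.txt"), 0o644)
    os.chmod(os.path.join(root, "clients/2016/notes.txt"), 0o600)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for rec in inventory(demo):
        flag = "WORLD-READABLE" if rec["world_readable"] else "owner-only"
        print(f"{rec['path']}: {rec['ssn_count']} SSN(s), permissions {flag}")
```

Point it at a real share by calling `inventory("/path/to/client/files")`. A sweep like this is a starting point for the written inventory the rule expects, not a substitute for it: it only sees formatted SSNs in plain text, so scanned PDFs, spreadsheets and encrypted archives still have to be accounted for by hand.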

A Safeguards Program (pages 36-37)

Detecting and managing system failures:

- Monitoring the websites of your software vendors and reading relevant industry publications for news about emerging threats and available defenses.
- Maintaining up-to-date and appropriate programs and controls to prevent unauthorized access to customer information.
- Using appropriate oversight or audit procedures to detect the improper disclosure or theft of customer information.
- Taking steps to preserve the security, confidentiality, and integrity of customer information in the event of a breach.
- Considering notifying consumers, law enforcement, and/or businesses in the event of a security breach.

IRS Data Security Requirements (pages 37-38)

IRS Publication 1345 Requirements (page 38)

IRS Publication 1345 Requirements (page 39)

As an e-file provider you MUST:

- Be diligent in recognizing and preventing fraud
- Report fraud or abuse
- Cooperate with IRS investigations
- Appoint a "responsible official"
- Comply with the FTC Safeguards Rules

IRS Publication 1345 Requirements (page 40)

IRS Publication 4600, Revised 2016 (pages 40-41)

Publication 1345, but shorter and more refined.

IRS Publication 4557, Revised 2015 (pages 41-42)

https://www.irs.gov/pub/irs-pdf/p4557.pdf

States Have Rules, Too (page 44)

http://www.dwt.com/statedatabreachstatutes/

Most states (all except Alabama and South Dakota) have breach notification rules, and they apply in any state in which the firm filed a return.

A Summary Checklist (pages 44-45)

- Have a responsible person
- Identify risks to client info
- Evaluate safeguards
- Design / implement / test
- Watch your outside service providers
- Re-evaluate

This is not optional: the program is mandated to be in writing.

- Check references on employees
- Employee confidentiality agreements
- Limit access to info to those with a need to know
- Passwords: strong ones
- Screen savers with passwords

A Summary Checklist (page 45)

- Change passwords regularly
- Protect laptops and flash drives
- Encrypt emailed documents
- Lock rooms and file cabinets
- Keep passwords secure
- Beware of "pretexting"
- Report suspicious behaviors
- Telecommuters must be especially careful
- Keep ex-employees out of the system
- Secure data
- Dispose of data responsibly
- Monitor for breaches