Chapter 3: IRS and FTC Data Security Rules


1 Chapter 3: IRS and FTC Data Security Rules
Pages 31-45 Chapter 3: IRS and FTC Data Security Rules

2 What’s the State of Affairs
Pages 31
- We have never had a data loss or breach
- We’re too small to be of interest to hackers
- Our is already secure enough
- We have antivirus software
- If we implement security our clients will leave
- We have a disclaimer to our s
- We are insured so it doesn’t matter
- We think the problem is over-stated
- We don’t want to spend the money
- We’re not certain what to do

3 What Is An Accountant’s Exposure
Pages 31-32
Failure is not an option:
- Claims for damages from clients
- Forensic services, PR expense, lost business
- Civil and criminal enforcement proceedings
- 4 Dozen federal statutes and regs cover security
- FTC Safeguards Rule, Privacy Rule, Security Rule
- Legal costs to defend
- Security breach notification laws – 46 states
- Reputation damages

4 The FTC Safeguards Rule
Pages 32-33
The Price of Failure
- Unlimited liability from clients
- FTC Fines – up to $50K per incident
- State Regulators notified
- Malpractice Insurance voided

As part of the settlement with the FTC, the company is prohibited from violating the Privacy Rule and the Safeguards Rule of the Gramm-Leach-Bliley Act for 20 years. Consistent with several past cases involving violations of Gramm-Leach-Bliley Act Rules, the company is required for 10 years to obtain biennial third-party assessments of its compliance with these rules.

5 FTC Safeguards Rule
Pages 32-33
- Written policy
- Someone in charge
- Identify risks and evaluate program
- Do something about it!
- Watch your service providers
- Adjust to circumstances

How many accountants can say they are compliant?
The Risk: suffer a breach and live under a microscope

6 A Safeguards Program
Pages 33-34
A safeguards program is more than antivirus and locks on the door.
Employee management & training
- Selection
- Confidentiality agreement
- Controlled access / locking file rooms / clean desk
- Screen savers
- Protection of assets – laptops, USB drives, etc
- Training
- Protocol on dismissed employees

7 A Safeguards Program
Pages 35
Information Systems
- Know where sensitive customer information is stored and store it securely.
- Make sure only authorized employees have access.
- Take steps to ensure the secure transmission of customer information.
- Dispose of customer information in a secure way and, where applicable, consistent with the FTC’s Disposal Rule.

8 A Safeguards Program
Pages 36-37
Detecting and Managing System Failures:
- Monitoring the websites of your software vendors and reading relevant industry publications for news about emerging threats and available defenses.
- Maintaining up-to-date and appropriate programs and controls to prevent unauthorized access to customer information.
- Using appropriate oversight or audit procedures to detect the improper disclosure or theft of customer information.
- Taking steps to preserve the security, confidentiality, and integrity of customer information in the event of a breach.
- Considering notifying consumers, law enforcement, and/or businesses in the event of a security breach.

9 IRS Data Security Requirements
Pages 37-38

10 IRS Publication 1345 Requirements
Pages 38

11 IRS Publication 1345 Requirements
Pages 39
As an e-file provider you MUST:
- Be diligent in recognizing and preventing fraud
- Report fraud or abuse
- Cooperate with IRS investigations
- Appoint a “responsible official”
- Comply with the FTC Safeguards Rules

12 IRS Publication 1345 Requirements
Pages 40

13 IRS Publication 4600, Revised 2016
Pages 40-41
Publication 1345 but shorter and more refined.

14 IRS Publication 4557, Revised 2015
Pages 41-42

15 States Have Rules, Too
Pages 44
atabreachstatutes/
Most states (except Alabama and South Dakota) have notification rules for any state in which the firm filed a return.

16 A Summary Checklist
Pages 44-45
- Have a responsible person
- Identify risks to client info
- Evaluate safeguards
- Design / implement / test
- Watch your outside service providers
- Re-evaluate

This is not optional: mandated that it be in writing.
- Check references on employees
- Employee confidentiality agreements
- Limit access of info to need to know
- Passwords – strong ones
- Screen savers with passwords

17 A Summary Checklist
Pages 45
- Change passwords regularly
- Protect laptops, flash drives
- Encrypt ed documents
- Lock rooms and file cabinets
- Keep passwords secure
- Beware of “pretexting”
- Report behaviors
- Telecommuters must be especially careful
- Keep ex-employees out of the system
- Secure data
- Dispose of data responsibly
- Monitor for breaches…

