Incident Response Plan Instruction Guide for Cyber Security Compliance

How To Complete Your Incident Response Plan

The FTC Safeguards Rule requires all tax preparers to have an Incident Response Plan AND a Written Information Security Plan.


Tax preparers should be aware of the federal laws that outline the safeguard requirements for protecting sensitive client information.


The Safeguards Rule, within the Gramm-Leach-Bliley Act, requires individuals involved in providing financial products and tax preparation services to ensure the security and confidentiality of client records and information or face hefty fines. These fines can be up to $100,000.

If you’ve been working on implementing the revised Safeguards Rule at your business to meet the upcoming deadline, that’s good news for your company and your customers. Just know that for certain provisions of the updated Rule, the FTC has extended the compliance deadline by six months – to June 9, 2023 – in response to reports of personnel shortages and supply chain issues.

Some regulations may have cryptic titles, but the FTC Safeguards Rule is black and white about what a tax preparer must do to remain compliant. Its clear purpose is to strengthen the data security safeguards that companies must have in place in order to protect their clients' personal information.

What provisions are included in the six-month extension? The revised Rule requires covered companies to:

• Designate a qualified person to oversee their information security program
• Develop a written risk assessment
• Limit and monitor who can access sensitive customer information
• Encrypt all sensitive information
• Train security personnel
• Develop an incident response plan (Action Plan)
• Periodically assess the security practices of service providers
• Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information


AICPA Cyber Security Advisory Services



  1. Find local IRS stakeholder liaison by clicking here: Internal Revenue Service
  2. Find your local FBI office by clicking here: Federal Bureau of Investigation
  3. Find your local Secret Service office by clicking here: Secret Service
  4. Use your search engine (Google, Bing, Firefox, etc.) to search the term “local police” to find the police station closest to you, so you know where to file a report in the event of an incident
  5. Email asking them how to report your data breach
  6. Email the State Attorney General alerting them to the specific details of your breach asking if any other offices must be contacted
  7. Talk with your cyber security provider and, depending on the type of breach, retrieve the appropriate monitoring logs to submit to the appropriate federal agency
  8. Call the insurance company you are currently with and report the breach
  9. The FTC can be reached by phone at (202) 326-2222 or by email to request individualized guidance.
  10. You may find an ID Theft Protection Agency for credit monitoring by using your search engine (Google, Bing, Firefox, etc.) to search the term “ID theft protection Agency.”
  11. A fillable Form 14039 is available on It can be completed online, printed and attached to a paper tax return for mailing to the IRS. Or, taxpayers may complete the form online at the Federal Trade Commission and FTC will electronically transfer the Form 14039 – but not the tax return – to the IRS.
  12. Report the incident to the credit bureaus, as clients may seek their services, using the information provided below:



P.O. Box 105496
Atlanta, Georgia 30348-5496
Tel: (800) 997-2493


P.O. Box 2104
Allen, Texas 75013-2104
Tel: (888) EXPERIAN (397-3742)

Trans Union Fraud Victim Assistance Dept.

P.O. Box 390
Springfield, PA 19064-0390
Tel: (800) 680-7289


About Bellator

Your Tax Preparer's Hub: WISP, IRS Compliance & Cybersecurity Solutions. Simplify GLBA Compliance. Expert Support & Value-Driven Services for Peace of Mind.