How To Complete Your Incident Response Plan

Tax preparers should be aware of the federal laws that outline the safeguard requirements for protecting sensitive client information.

The Safeguards Rule, within the Gramm-Leach-Bliley Act, requires individuals involved in providing financial products and tax preparation services to ensure the security and confidentiality of client records and information or face hefty fines. These fines can be up to $100,000.

If you’ve been working on implementing the revised Safeguards Rule at your business to meet the upcoming deadline, that’s good news for your company and your customers. Just know that for certain provisions of the updated Rule, the FTC has extended the compliance deadline by six months – to June 9, 2023 – in response to reports of personnel shortages and supply chain issues.

Some regulations may have cryptic titles, but the FTC Safeguards Rule is black and white for what a tax preparer must do to remain compliant. Its clear purpose is to strengthen the data security safeguards that companies must have in place in order to protect their clients personal information.

What provisions are included in the six-month extension? The revised Rule requires covered companies to:

• Designate a qualified person to oversee their information security program
• Develop a written risk assessment
• Limit and monitor who can access sensitive customer information
• Encrypt all sensitive information
• Train security personnel
• Develop an incident response plan (Action Plan)
• Periodically assess the security practices of service providers
• Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information