Don’t Forget to Check Your WISP!

A WISP is now a critical requirement for tax practitioners, with strict FTC and IRS rules and major penalties for noncompliance. Here are key reminders and resources to help you stay protected.

 

By Kathy Ploch, CPA-Houston 

 

Before we get too buried in the 2023 tax returns, this is a reminder about data security and our responsibilities as practitioners to have a written information security plan (WISP) in place. I am sure many of you may have noticed when you renewed your PTIN that it asked you to attest that you had this written plan in place.

There are several provisions in Circular 230 that state what a practitioner’s obligation is when dealing with data security and confidential client information. It lists the penalties, both civil (IRC Section 6713) and criminal (IRC Section 7216), for unauthorized disclosure of taxpayer information. Also, legislation enacted in 1999 in the Gramm-Leach-Bliley Act gave the Federal Trade Commission (FTC) authority to prescribe regulations establishing requirements of data protection for professional tax return preparers.  

Under Section 314.2(h)(2)(viii) of the Safeguards Rule in the Act, accountants and other firms in the business of completing income tax returns must implement safeguards, including a WISP, to protect the security, confidentiality and integrity of the information. In 2015, the IRS created a public-private partnership called the Security Summit that works to protect confidential taxpayer information. The Security Summit prepares resources and awareness campaigns to make planning easier.

Failure to maintain a WISP to fortify financial data may not only put clients at risk for identity theft and fraud, but also expose a practitioner to liability for violating the Safeguards Rule. The FTC can obtain penalties against a company that acted unfairly or deceptively through its Penalty Offense Authority (Section 5(m)(1)(B) of the FTC Act, 15 U.S.C. Section 45(m)(1)(B)). If a company receives this notice and still engages in prohibited practices, it can face civil penalties of up to $50,120 per violation. This maximum penalty is adjusted for inflation every January.

Listed below are various resources to assist you in complying with the WISP rules. Remember this plan should be reviewed annually for any updates needed. The IRS also recommends that you contact your IRS Stakeholder Liaison and the FTC if you incur a data breach.

 

AICPA members, there are several resources and a template (Tax Section): Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule  

 

 

 

