Don’t Forget to Check Your WISP!

Published: Feb 12, 2023

A WISP is now a critical requirement for tax practitioners, with strict FTC and IRS rules and major penalties for noncompliance. Here are key reminders and resources to help you stay protected.

 

By Kathy Ploch, CPA-Houston 

 

Before we get too buried in the 2023 tax returns, this is a reminder about data security and our responsibilities as practitioners to have a written information security plan (WISP) in place. I am sure many of you may have noticed when you renewed your PTIN that it asked for you to attest you had this written plan in place. 

There are several provisions in Circular 230 that state what a practitioner’s obligation is when dealing with data security and confidential client information. It lists the penalties, both civil (IRC Section 6713) and criminal (IRC Section 7216), for unauthorized disclosure of taxpayer information. Also, legislation enacted in 1999 in the Gramm-Leach-Bliley Act gave the Federal Trade Commission (FTC) authority to prescribe regulations establishing requirements of data protection for professional tax return preparers.  

In Section 314.2(h)(2)(viii) of the Safeguards Rule in the Act, accountants and other firms in the business of completing income tax returns must implement safeguards, including a WISP, to protect the security, confidentiality and integrity of the information. In 2015, the IRS created a public-private partnership called the Security Summit that works to protect confidential taxpayer information. The Security Summit prepares resources and awareness campaigns to make planning easier. 

Failure to maintain a WISP to fortify financial data may not only put clients at risk for identity theft and fraud, but it also exposes a practitioner to liability for violating the Safeguards Rule. The FTC can obtain penalties against a company that acted unfairly or deceptively through their Penalty Offense Authority (Section 5(m)(1)(B) of the FTC Act 15, U.S.C. Section 45(m)(1)(B)). If a company receives this notice and still engages in prohibited practices, it can face civil penalties of up to $50,120 per violation. This maximum penalty is adjusted for inflation every January.  

Listed below are various resources to assist you in complying with the WISP rules. Remember this plan should be reviewed annually for any updates needed. The IRS also recommends that you contact your IRS Stakeholder Liaison and the FTC if you incur a data breach.

 

AICPA members, there are several resources and a template (Tax Section): Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule  

 

 

 

Topics:

You May be Interested in

  • The Verdict is In. The Texas Franchise Tax is GILTI, Raising New Questions and Potential Issues
    Beginning with the 2026 report year, the Texas Comptroller will align the franchise tax with the current Internal Revenue Code, likely requiring GILTI to be included in total revenue. This change raises sourcing, statutory and potential constitutional questions for businesses with foreign operations, creating new uncertainty and possible tax impacts.
  • NIL Income for Student-Athletes: Tax Implications and Emerging Pitfalls for Practitioners
    The expansion of NIL opportunities has created complex tax issues for student-athletes, whose income is generally treated as self-employment business income. Common pitfalls include unreported non-cash compensation, multi-state tax exposure, weak recordkeeping and limited financial literacy, all of which heighten audit risk. As IRS scrutiny increases and new reporting rules emerge, CPAs must understand these challenges to effectively advise this growing group of taxpayers.
  • Data Processing Services – SaaS and Software Licenses
    Cloud-based SaaS is treated as a taxable data processing service in Texas, with 80% of the sales price subject to sales tax, compared with 100% taxation for traditional software licenses. Taxpayers using SaaS in multiple states can further reduce Texas tax by allocating the software’s usage between Texas and non‑Texas locations. This often results in significant savings and may allow refunds for past overpayments.
More News

Support the Next Generation

Donate to TXCPA scholarships and help aspiring accountants achieve their goals.

Scholarships