An Evergreen Reminder of Requirements Regarding Securing Client Data

Published: Oct 11, 2024

Cyberthieves target firms year-round. Review your WISP, update safeguards, and stay IRS compliant to protect client data. Read more on TXCPA.org.

William Stromsem, CPA, J.D., George Washington University School of Business 

 

Cyberthieves are trying to get your information year-round. Now that October 15 is behind us and year-end tax planning is not here yet, this might be a good time to review requirements for securing client information. If you have a data breach, this can ruin client relationships and even end your practice. 

The IRS requires a Written Information Security Plan (WISP) to protect your firm and clients from cyberattacks. Ensure that your plan is valid, up to date and in compliance with the IRS requirements. IRS Publication 5708 is a brief document that details what is required and how to customize your plan for your practice. AICPA Tax Section members can download a copy of AICPA's WISP template

Also, the Federal Trade Commission requires practices to use multifactor authentication in accessing client information that is stored on computers or on networks (including cloud storage). This would include return preparation records when vendor software is used. Multifactor identification involves using two or more items that only the user would know, like username and password, or if available, facial recognition, fingerprints or other means of verifying that the person accessing the information is authorized to do so.   

Hopefully, your firm has this fully implemented. 

Topics:

You May be Interested in

  • Risk Alert: New Post Office Rule Affects (Delays) Postmark Date for First Class Mail
    At the end of 2025, the U.S. Postal Service rolled out Rule 608.11 and it’s a game-changer. First Class mail is now postmarked when it is processed at a regional center, which could be days later. A delayed postmark could mean late filings, penalties, interest, or even missed claims. Savvy practitioners are taking steps to ensure enhanced proof of timely mailing.
  • California Penalty Abatement – There May be Hope Yet
    California’s Franchise Tax Board offers several options for penalty relief that can help taxpayers avoid unnecessary costs. This article highlights practical abatement options that can help CPAs reduce or eliminate penalties for California residents and nonresidents.
  • For Many, RMDs from Inherited IRAs Must Start by Dec. 31, 2025
    Inherited an IRA? New IRS final regulations issued July 18, 2024, end years of delays and require many beneficiaries to take required minimum distributions—or face a 25% penalty. Learn who’s affected and what to do.
More News

Get Involved

Share your expertise and shape the future of the profession—volunteer with TXCPA and make a meaningful impact in your community.

Get Involved