An Evergreen Reminder of Requirements Regarding Securing Client Data

Published: Oct 11, 2024

Cyberthieves target firms year-round. Review your WISP, update safeguards, and stay IRS compliant to protect client data. Read more on TXCPA.org.

William Stromsem, CPA, J.D., George Washington University School of Business 

 

Cyberthieves are trying to get your information year-round. Now that October 15 is behind us and year-end tax planning is not here yet, this might be a good time to review requirements for securing client information. If you have a data breach, this can ruin client relationships and even end your practice. 

The IRS requires a Written Information Security Plan (WISP) to protect your firm and clients from cyberattacks. Ensure that your plan is valid, up to date and in compliance with the IRS requirements. IRS Publication 5708 is a brief document that details what is required and how to customize your plan for your practice. AICPA Tax Section members can download a copy of AICPA's WISP template

Also, the Federal Trade Commission requires practices to use multifactor authentication in accessing client information that is stored on computers or on networks (including cloud storage). This would include return preparation records when vendor software is used. Multifactor identification involves using two or more items that only the user would know, like username and password, or if available, facial recognition, fingerprints or other means of verifying that the person accessing the information is authorized to do so.   

Hopefully, your firm has this fully implemented. 

Topics:

You May be Interested in

  • The Verdict is In. The Texas Franchise Tax is GILTI, Raising New Questions and Potential Issues
    Beginning with the 2026 report year, the Texas Comptroller will align the franchise tax with the current Internal Revenue Code, likely requiring GILTI to be included in total revenue. This change raises sourcing, statutory and potential constitutional questions for businesses with foreign operations, creating new uncertainty and possible tax impacts.
  • NIL Income for Student-Athletes: Tax Implications and Emerging Pitfalls for Practitioners
    The expansion of NIL opportunities has created complex tax issues for student-athletes, whose income is generally treated as self-employment business income. Common pitfalls include unreported non-cash compensation, multi-state tax exposure, weak recordkeeping and limited financial literacy, all of which heighten audit risk. As IRS scrutiny increases and new reporting rules emerge, CPAs must understand these challenges to effectively advise this growing group of taxpayers.
  • Data Processing Services – SaaS and Software Licenses
    Cloud-based SaaS is treated as a taxable data processing service in Texas, with 80% of the sales price subject to sales tax, compared with 100% taxation for traditional software licenses. Taxpayers using SaaS in multiple states can further reduce Texas tax by allocating the software’s usage between Texas and non‑Texas locations. This often results in significant savings and may allow refunds for past overpayments.
More News

Support the Next Generation

Donate to TXCPA scholarships and help aspiring accountants achieve their goals.

Scholarships