Safeguarding Taxpayer Data – Make a Security Plan

Notice: Historical Content


This is an archival or historical document and may not reflect current law, policies or procedures.

IRS Protect Your Clients; Protect Yourself Tax Tip Number 4

Cybercriminals want sensitive client data that tax professionals have, so the tax preparation community is a target. As a tax professional, you can take the initial step to safeguard taxpayer data by assessing your risks and making a security plan.

It’s more important than ever that tax professionals take aggressive steps to protect taxpayer information. Developing a good security plan not only makes you think about areas where you could be vulnerable to intrusions, it also helps you focus on prevention. How do you get started on developing a plan that is workable for your business?

Here are some initial steps:

Step 1: Complete a risk assessment

This means identifying the risks and potential impacts of unauthorized access, use or disclosure of information. It also means looking at what happens if someone modifies or destroys that information or the computer systems that can be used to access taxpayer data. Ask yourself these questions:

  • How vulnerable is your customer’s data to theft, disclosure, alteration or unrecoverable loss?
  • What can you do to reduce the impact to your customers and your business in such an event?
  • What can you do to reduce vulnerability?

Step 2: Write and follow an Information Security Plan

The plan should:

  • Address every item identified in the risk assessment.
  • Define safeguards you want staff, affiliates and service providers to follow.
  • Require a responsible person to review and approve the Information Security Plan.
  • Require a responsible person to monitor, revise and test the Information Security Plan on a periodic (annual) basis to address any system or business changes or problems identified.

Step 3: At least once a year, if not more, perform an internal assessment

  • Evaluate and test the security plan and other safeguards you have in place.
  • Document any deficiencies. Create and execute a plan to address them.

Learn more about these and other steps by reviewing IRS Publication 4557 PDF, Safeguarding Taxpayer Data.

This is one in a series of special security awareness tax tips for tax professionals. The “Protect Your Clients; Protect Yourself” campaign’s goal is to raise awareness among tax professionals. It is an initiative of the Security Summit, a joint project by the IRS, states and the tax community to combat identity theft. Because of the sensitive client data held by tax professionals, cybercriminals increasingly are targeting the tax preparation community.