Cybersecurity Exemptions for Orgs with Less than 5,000 Clients

You may be off the hook, but not out of the woods.

By Donny Shimamoto

Management consulting company AON described an exemption from some of the FTC requirements for firms that handle the personally identifiable information (PII) of fewer than 5,000 consumers.[i]

The Safeguards Rule provides an exception from certain requirements if the covered financial institution maintains customer information concerning fewer than 5,000 consumers. A consumer is defined in Section 314.2(b)(1) of the Safeguards Rule as “an individual who obtains or has obtained a financial product or service from the financial institution that is used primarily for personal, family, or household purposes, or that individual’s legal representative.”

Essentially, if you handle fewer than 5,000 Social Security numbers, then it would appear that you can take advantage of this exemption. AON went on to report that if you fall under this exemption, then you do not need to address the following requirements:

Congress: Tax Prep Companies Shared Private Data with Google, Meta for Years

Former FTC chief says this data breach is a “five-alarm fire.”

By Rick Richardson
Technology This Week

A seven-month congressional investigation found that three of the biggest tax preparation firms in the country may have shared Americans’ private financial information with Google and Meta for years in a possible violation of federal law. The information, in some cases, was used for targeted advertising.

The investigation’s findings reveal a “five-alarm fire” for taxpayer privacy that, according to legal experts, could result in public and private lawsuits, criminal penalties or even a “mortal blow” for some major industry players like TaxSlayer, H&R Block and TaxAct.

“On a scale from one to 10, this is a 15 … This is as great as any privacy breach that I’ve seen other than exploiting kids. This is a five-alarm fire if what we know about this so far is true.”

Safe Harbor Compliance Reduces Risk of Fines and Penalties

Protect your clients–and your firm–by being proactive.

By Donny Shimamoto, CPA, CITP, CGMA

In the last few years, we've started to see state legislatures and attorneys general recognizing that tax practitioners are trying to protect their clients. They are formalizing this recognition with changes to regulations or laws to include “safe harbor” provisions that limit or eliminate the fines and penalties for tax practitioners who take proactive action to manage their cybersecurity risks.

As of December 2022, the following states have some type of safe harbor provision in place:

In contrast, states like California and Colorado are taking the opposite approach and penalizing organizations that have data breaches.[iv]

Control Your Time: Avoid Ambush Meetings and Calls

How much time do you lose to pop-ins and unscheduled phone calls? Get it back.

By Frank Stitely
The Relentless CPA

Ambush meetings and phone calls are unscheduled events. Clients just walk in with a tax document and want to say, “Hello.”

This morphs into, “Quick question while I’m here. …” Fifteen productive minutes escape your life, which is really 30 minutes when you consider the mental time you need to switch back to the task that was interrupted.

Four Simple Game-Changers to Modernize Your Practice

Focus on the client experience.

By Blake Oliver
with David Leary

My mom is in her 70s and still gets the taxes organized for her household. She’s been using the same 10-partner firm for the past 30 years. Like many small firms, hers had no succession plan, so it recently merged with a big firm – top 25. As you may imagine, her recent tax season experience was disappointing. She submitted all her documents on time and then didn’t hear anything from her new accountant for weeks. Finally, she received a return to review and was shocked to see herself marked down as blind. My mom is NOT blind. There were other errors in her return, including a missing real estate transaction. Clearly, it had not gone through a proper review process.

My mind exploded, wondering how such a large, well-known firm didn’t have a better quality control process in place. I’m guessing they didn’t even have a workflow management solution. After sharing this story with several CPAs at other large firms, I learned that my mom’s situation was not all that unusual.

How Tax Practitioners Became Cybersecurity Risks

Tax professionals are a hacker’s dream.  

By Donny Shimamoto, CPA, CITP, CGMA
On Cybersecurity for Accountants
Center for Accounting Transformation

In 2015 the U.S. Internal Revenue Service (IRS) held its first Security Summit[i]. By creating a public-private partnership via the summit, the IRS is seeking to protect more taxpayers and more tax dollars from tax-related identity theft.

Partners in the summit included the IRS, state tax agencies and the private sector tax industry—for example, financial institutions, cybersecurity practitioners and tax practitioners.

The summit brought together people from the full value chain of tax compliance. Taxpayers submit information to tax practitioners, who prepare the returns and submit them to the tax authorities.

How Hacker-Proof Is Your Firm?

Thieves always build a better mousetrap, so stay vigilant.

By Donny Shimamoto, CPA, CITP, CGMA
On Cybersecurity for Accountants

In 2018, fraudsters posed as tax authorities and state accounting and tax professional associations. These were simple phishing attacks trying to get tax practitioners’ email usernames and passwords, allowing fraudsters to obtain client contact information and perform email-based password resets for other systems.

The IRS reported seeing threats specifically targeting preparers in Illinois, Iowa, New Jersey and North Carolina. Additionally, the IRS received reports tied to a Canadian accounting association.[i]

Get Clients to Bring Tax Docs Early … Yes, EARLY

The secret? Humor, sarcasm and shame.

By Frank Stitely
The Relentless CPA

There are easy ways to get clients to do what we need them to do. In our office, we call the process “training” clients. One of our biggest headaches is the late delivery of tax materials. So, we train our clients to bring their tax documents in early.

We accomplish this through a series of e-blasts explaining our deadlines. The e-blasts start in December, and we call them “Countdown to Tax Season.” They cover much more than our deadlines for clients to provide business and personal income tax returns documents.
