It is helpful to know the IRS requires tax preparers to have a data recovery plan, since many taxpayers use a CPA, attorney, enrolled agent or other tax professional. In letter IR-2019-143, the Service explained the steps tax professionals must take to protect client data. The "Security Six" checklist is published jointly by the IRS and its Security Summit partners.
Step Five on the "Security Six" checklist is for tax professionals to create a data theft security plan. IRS Commissioner Chuck Rettig notes, "The number of tax professionals reporting data theft to the IRS remains too high, and it puts tens of thousands of taxpayers at risk for identity theft. We hope tax professionals will use the Security Summit Checklist as a starting point, not an endpoint, to protect their clients' data - and themselves. "
If your data professional discovers a security breach, there are several steps to follow.
- Contact IRS and Law Enforcement - When you promptly contact the IRS and law enforcement agencies, the authorities may take action to protect taxpayers. The IRS may be able to protect the named taxpayers from a fraudster who may use the stolen data to file a tax return in order to claim a large refund.
- Contact State Revenue Office - A tax professional should promptly contact the state tax agency. This would enable the state office to protect named taxpayers from the filing of fraudulent returns and claims for state refunds.
- Contact Security Expert - An expert computer security engineer can stop further fraudulent activity on your servers. The computer expert will be able to set up improved firewalls and virus protection.
- Contact Agencies and Clients - The tax professional must contact the Federal Trade Commission and the major credit bureaus. He or she must also send a disclosure letter to clients. The disclosure letter notifies clients of the data breach and encourages them to watch for a false tax return or to be suspicious if they receive an unexpected tax refund.
The good news is that the IRS Security Summit procedures have greatly reduced taxpayer fraud during the past four years. IRS Commissioner Rettig concluded, "Our objective is to get every tax professional to think about client data security. The Taxes-Security-Together checklist is intended as a starting point, spelling out the basic steps necessary to start a security review."