Make Sure Your CPA Complies with Privacy Laws

All financial organizations, including accounting, tax preparation and CPA firms, must comply with the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999. This legislation protects consumers’ private financial information and controls the collection and disclosure of that information by CPAs, accountants and tax preparers.

These firms must have safeguards in place to protect your tax returns and any information you give them for preparing any financial statements.

According to GLBA, your CPA must comply with these requirements:

  1. Ensure the security and confidentiality of a customer’s information.
  2. Protect against any anticipated threats or hazards to the security or integrity of that information.
  3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

This means that your CPA, whether an individual or part of a large organization, needs to have a secure computing and communications environment. CPAs use spreadsheets and financial preparation software on a personal computer to prepare documents, and the files on those computers should be encrypted. This applies to any local or remote storage, including local backup drives, USB drives, CDs, DVDs, smartphones and storage in the cloud. It also means that any electronic communication of that information needs to be secure.

If your accountant emails you an unprotected tax return, 1099, K1, or information from QuickBooks, that violates the GLBA provision on protecting against unauthorized access to your private information. Since email is notoriously insecure, anyone might get access to that information. Some CPAs use FTP sites, which are better, but the security of FTP is somewhat limited.

A better approach is to use a secure file sharing service. That allows a CPA to securely transfer a client’s files, whether it’s a PDF of a tax return or a QuickBooks file. The client needs to authenticate before downloading the file, and the transmission uses SSL encryption. Each file has a unique tracking number, so the CPA has an audit trail of activity. This way your CPA can send you files electronically, which saves a lot of time, and still comply with GLBA.

If you are a business and use an outside CPA or accounting firm to prepare your financial statements, make sure they have a secure way of storing and transmitting electronic files to you.


Photo credit alancleaver_2000
