If you are a business or individual in the United States and you have someone prepare your taxes, make sure the firm is complying with the Gramm-Leach-Bliley Act (GLBA). This legislation protects private financial information and controls the collection and disclosure of that information by CPAs, accountants and tax preparers. With over 4 million small businesses in the US, this means a lot of tax documents.
Your tax preparer must have safeguards to protect your tax returns and any information you give them for preparing any financial statements. Some of the key elements are:
- Ensure the security and confidentiality of a customer’s information.
- Protect against any anticipated threats or hazards to the security or integrity of that information.
- Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
This means that your accountant must have a secure computing and communications environment. But as with most laws, there is no specific recommendation of how to do that. The Federal Trade Commission (FTC) has developed guidelines for safeguarding information. Among the most important ones are:
- Encrypting sensitive customer information when it is transmitted electronically via public networks.
- Developing policies for appropriate use and protection of laptops, PDAs, cell phones, or other mobile devices. Consider that customer information in encrypted files will be better protected in case of theft of such a device.
- If you must transmit sensitive data by email over the Internet, be sure to encrypt the data.
Recently my accountant emailed me a tax return. The document was a PDF and to add a small measure of security, he put a password on it. That’s definitely not encryption, but it’s better than a wide open file. Unfortunately, it was very easy to remove the password. I opened the PDF in Adobe Acrobat, went to Document Properties and selected No Security under Security Method. Voila! The file is now wide open. Anyone who does a simple search on the Internet can come up with how to do it. If you don’t have Acrobat, there are a lot of other tools that will do this.
So, password protecting a PDF is not very secure. I don’t think my accountant violated any laws, since he did safeguard my information in a very basic way. In this case, complying with the letter of the law isn’t good enough in this day of hackers and cybercriminals. Since I could open and read the PDF on my smartphone or iPad, that is even less secure. If I lost that device, everyone could see my tax return.
I would prefer my accountant encrypt my tax return and make sure only he and I can see it. He could use Fasoo FSE to do that. Once encrypted, he could send it through email or use a cloud-based file sharing service. That allows the accountant to securely transfer my files. Besides being a better way to do business, this helps him comply with the recommendations by the FTC for adhering to GLBA.
If you are a business and use an outside CPA or accounting firm to prepare your financial statements, make sure they have a secure way of storing and transmitting electronic files to you.