If you’re a CPA or other tax preparer dealing in non-public personal identifiable information (PII), you’ve likely seen articles related to the newly updated FTC Safeguards Rule.
On June 9th, 2023, the Rule will be enforced. The Rule specifies that “financial institutions [must] develop, implement and maintain an information security program with administrative, technical and physical safeguards designed to protect customer information.”
As a tax preparer, it falls on you and your company to implement a cyber security program to protect your client’s data. The Rule specifically denotes nine tenants to follow under the law.
You’re probably busy this time of year, so we’ve summarized the tenants into key takeaways below. The FTC Safeguards Rule requires companies to:
Persons and entities affected by the FTC Safeguards Rule are those that fall under the current definition of a financial institution.
According to the FTC’s official page on the Safeguards Rule, a financial institution “means any institution the business of which is engaging in an activity that is financial in nature or incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C § 1843(k). An institution that is significantly engaged in financial activities, or significantly engaged in activities incidental to such financial activities, is a financial institution.”
The FTC Business Guidance webpage describes that entities covered include, but are not limited to:
The FTC notes that even if your business wasn’t covered by the original version of the rule, your business operations have likely evolved and changed over the past 20 years. The bottom line is if you deal in any sort of non-public, personally identifiable information, you are subject to the new regulations and must take action to prevent an FTC investigation or other worse consequences.
Ignoring the new requirements is always an option, but it could cost your company more in the long run than you’d expect. If your company experiences a data breach, here’s what could happen, according to the FTC:
If you’re concerned about the requirements of the FTC Safeguards Rule and what might happen if you don’t comply, we can help.
We’re hosting an informational webinar on January 19 on the subject, and we can help you become compliant with the Safeguards rule. Click here to register for free.
Book a call with us to discuss your current situation, or contact us with any questions/concerns you may have about the FTC Safeguards Rule or any other IT concerns.
Entrust your business to a team of reliable and responsive experts: You won’t regret it.
Cybersecurity Guide for Law Firms
The Cost of Cybercrime: Understanding the Financial and Reputational Risks
Common Cybersecurity Struggles for Law Firms
Enter your details below and we will contact you within 1 business day.
"*" indicates required fields