Safeguarding client trust with IRS Circular 230 confidentiality
Trust is a big word – and can only be earned. And when it comes to the relationship between a client and a tax pro – it’s everything. Clients trust your commitment to confidentiality just as much as they rely on your expertise. They trust that you are taking all steps necessary to secure their most sensitive personal and financial information.
They trust you to be confidential.
But confidentiality is more than just good business and client relations.
With IRS Circular 230 confidentiality, trust is also your legal obligation as a tax professional, CPA, or enrolled agent.
What is IRS Circular 230?
IRS Circular 230 confidentiality rules provide a checklist of regulations issued by the U.S. Department of the Treasury defining who can represent a taxpayer and what the expected behavior should be.
These regulations define best practices for:
- Certified Public Accountants (CPAs)
- Enrolled Agents (EAs)
- Attorneys
- Registered tax return preparers
IRS Circular 230 and confidentiality
Under IRS Circular 230, tax pros are prohibited from disclosing confidential client information without the client’s written, informed authorization.
Let’s say a client provides you with their tax return, financial documents, or Social Security number.
These confidential details should be handled with the highest care and discretion.
This means that you cannot share this information with a third party (even if they are a trusted professional) unless the client has given their written consent.
In addition, the IRS stresses that you are also required to put reasonable safeguards in place to ensure that this confidential client data isn’t stolen, lost, or misused by any unauthorized parties.
These safeguards can be determined when creating a WISP (Written Information Security Plan) and used to train your staff to follow suit.
As a professional, you want to do the best for your clients, and you know that confidentiality is important. It is extremely important, but it is also a legal obligation.
It matters now, more than ever
With data breaches, cyberattacks, and phishing scams increasing every day, sustaining confidentiality is not as simple as it once was. Locking a filing cabinet at the end of the day doesn’t cut it anymore. Tax pros must take the necessary steps to set up a security plan with best practices intended to prevent both physical and, even more so, digital data breaches.
Just one email in the wrong hands, or worse, a full-on data breach, can harm your clients and result in identity theft. It can also set in motion a ripple of penalties and damage, from the IRS, from civil lawsuits, and from losing the ability to do business.
Best practices to meet IRS Circular 230 expectations
So how can you be sure that your firm is practicing within the law and hitting the expectations of Circular 230?
Here is a checklist to print, or you can pin this page to your browser and come back often.
- Create and maintain a Written Information Security Plan (WISP). WISP Builder can help you do this quickly and cost-effectively with its fully compliant tool.
- Encrypt, encrypt, encrypt: Use encryption for every piece of information that is transferred between you and your clients. If data is stolen, encryption makes it useless to the hacker without the key.
- Access only as needed: Avoid unnecessary data sharing both within and outside of your firm.
- Keep devices and networks secure: Use secure passwords, firewalls, and antivirus, and maintain regular software updates.
- Train staff on an ongoing basis: Training on data and communication protocols and on phishing scams should be provided regularly for new and current staff to help keep security top of mind daily.
- Get clear written authorization: When you need to share client information with a third party, take the necessary steps to get written consent first.
Client trust is everything.
Keeping your clients’ trust keeps your business running and keeps you in good legal standing. Trust starts with prioritizing confidentiality. It’s up to you to exercise diligent care and be proactive about safeguards. Creating a WISP and effectively training staff while maintaining your security plan helps you do just that.
Stay secure. Stay compliant. WISP Builder helps you make it all happen in one easy-to-use tool.