IRS Reminder: Tax Preparers Must Have a WISP
The IRS recently sent an email reminding all tax professionals of their legal obligation under the FTC Safeguards Rule to maintain a Written Information Security Plan (WISP). This essential plan outlines the policies and procedures your business follows to protect taxpayer data, assess risks, and respond to cybersecurity threats.
Why a WISP is Crucial
A well-crafted Written Information Security Plan (WISP) is vital for:
- Identifying security threats to client data
- Implementing safeguards to prevent data breaches
- Ensuring compliance with IRS and FTC data protection regulations
- Preparing a response plan for security incidents
Key Components of Your WISP
- Risk Assessment: Evaluate internal and external threats to client data
- Safeguards and Controls: Specify security measures like encryption, firewalls, and access controls
- Data Handling Policies: Set guidelines for data storage, access, and disposal
- Incident Response Plan: Detail steps for addressing data breaches, including reporting procedures and client notifications
- Employee Training: Educate staff on security best practices
- Regular Security Reviews: Conduct periodic audits and updates to keep your plan current
Consequences of Not Having a WISP
Failing to comply with federal security regulations can lead to fines, legal actions, and damage to your reputation. More critically, inadequate data protection can expose your clients to identity theft and fraud.
If you don’t have a WISP yet, now is the time to create one with WISPBuilder.com.