
Careful WISP(er) — Professional Responsibility and Data Security: Practitioners’ Obligation to Have a Written Information Security Plan

Upholding Professional Responsibility and Data Security: The Necessity of a Written Information Security Plan

Practitioners, including attorneys, certified public accountants, enrolled agents, and tax return preparers engaged in the Internal Revenue Service’s Annual Filing Season Program, are required to adhere to Circular 230. This set of regulations, which governs practice before the Internal Revenue Service (IRS), is overseen and enforced by the IRS’s Office of Professional Responsibility (OPR).

Understanding Circular 230 and Data Security Obligations

Circular 230 encompasses several provisions that directly relate to a practitioner’s responsibilities concerning data security and the protection of confidential client information. These provisions not only align with the privacy and penalty provisions of the Internal Revenue Code, including the penalties outlined in IRC 6713 (civil) and IRC 7216 (criminal) for unauthorized disclosure of taxpayer information, but they also correspond with nontax legislation enacted in 1999. This legislation granted the Federal Trade Commission (FTC) the power to formulate regulations that mandate data safeguarding requirements for various businesses, including professional tax return preparers.

This article aims to shed light on how the FTC’s implementing regulations, along with the IRS’s complementary guidance, influence the duties and restrictions imposed on tax practitioners by Circular 230.

The Importance of a Written Information Security Plan

According to federal law, which is enforced by the FTC, tax preparers are obligated to develop and maintain a written data security plan, also known as a WISP. The creation of a WISP is instrumental in protecting businesses and their clients, offering a clear course of action in the event of a security incident. Moreover, a WISP can prove invaluable in the face of events that significantly disrupt a tax professional’s ability to conduct regular business, such as natural disasters or theft.

Consequences of Neglecting a WISP

The absence of a WISP to safeguard private financial information can lead to severe consequences. Not only does it put clients at risk for identity theft and fraud, but it may also expose a practitioner to liability for violating the Safeguards Rule and the conditions of their malpractice insurance coverage. Furthermore, in cases of willful neglect, a practitioner may face discipline under Circular 230.

Given the competence requirement outlined in section 10.35 and the obligation imposed by section 10.36 to have procedures in place to ensure compliance with Circular 230 by all those involved in a tax practice, it is strongly advised that practitioners pay close attention to the requirement to adopt a WISP and implement suitable data security programs.

To fulfill their professional obligations, practitioners—attorneys, certified public accountants, enrolled agents, and tax return preparers who participate in the Internal Revenue Service’s Annual Filing Season Program—must comply with Circular 230, Regulations Governing Practice before the Internal Revenue Service (31 CFR Subtitle A, Part 10), which is administered and enforced by the IRS’s Office of Professional Responsibility (OPR). Several provisions of Circular 230 implicate a practitioner’s obligations when dealing with data security and confidential client information. These provisions complement not only the privacy and penalty provisions of the Internal Revenue Code—including the penalties in IRC 6713 (civil) and IRC 7216 (criminal) for unauthorized disclosure of taxpayer information—but also nontax legislation enacted in 1999 that gave the Federal Trade Commission (FTC) authority to prescribe regulations establishing requirements of data safeguarding for various businesses including professional tax return preparers. This article discusses how the FTC’s implementing regulations and complementary guidance issued by the IRS affect the duties and restrictions imposed on tax practitioners by Circular 230.

Federal law, enforced by the FTC, requires tax preparers to create and maintain a written data security plan. Having a WISP protects businesses and their clients while providing a blueprint for action in the event of a security incident. In addition, a WISP can help if other events seriously disrupt a tax professional’s ability to conduct normal business, including fire, flood, tornado, earthquake, and theft.

Failure to maintain a WISP to protect private financial information may not only put clients at risk for identity theft and fraud, it may also expose a practitioner to liability for violating the Safeguards Rule and the terms of their malpractice insurance coverage. In addition, it could subject a practitioner, in circumstances of willfulness, to discipline under Circular 230. Given section 10.35’s competence requirement and the obligation imposed by section 10.36 to have procedures in place to ensure compliance with Circular 230 by everyone involved in a tax practice, we encourage practitioners to pay heed to the requirement to adopt a WISP and implement appropriate data security programs.
