The Federal Trade Commission's Safeguards Rule requires professional tax preparers to prepare a "written information security plan" (WISP) describing how they protect customer information. The plan must be appropriate to the firm’s size and complexity, the kinds of work it does, and the sensitivity of the customer information that it handles.
A security plan helps protect against tax-related identity theft. It's also the law: 15 U.S.C. §§ 6801-6827, and the IRS may deem failure to follow its provisions as a failure to follow the procedures set forth in IRS Rev. Proc. 2007-40, subjecting the tax preparer to penalties and sanctions.
TaxSlayer Pro has drafted a data security plan template in Microsoft Word format you can use to prepare your own plan. To access it:
- Log in to your Account Hub here or by clicking the blue button at taxslayerpro.com.
- Select Account History in the left side menu.
- Click the Data Security Plan Template link to download it to your computer. You will need to use an editor such as Microsoft Word or equivalent to open and edit the file.
- Complete the items in red and fill in the tables as needed.
The IRS also has a WISP template in Publication 5708.
Additional Information:
IRS: What tax preparers need to know about a data security plan
IRS: Publication 4557, Safeguarding Taxpayer Data
IRS: Stakeholder Liaison Local Contacts (where to report a data breach)
FTC: Complying With The Safeguards Rule
NIST: Small Business Information Security: The Fundamentals
Federal Register: Standards for Safeguarding Customer Information