Data Security Plan

Technical topics regarding tax preparation.
#1
Jake  
Posts:
1384
Joined:
12-May-2014 3:19pm
Location:
Columbus, Ohio
For someone who is old and continues to prepare tax returns for a fee for less than 10 legacy clients out of a home office the IRS Data Security Plan requirement seems to be vast overkill. I put together what are essentially reasons why my very limited practice is very unlikely to result in identity theft. Among other things 100% of these few elderly clients refuse to file online. I would hope that the IRS would recognize that the risk here is extremely small. The data is on my computer, not in any cloud. I have reasonable virus and malware programs. There are hard copies in my files, should I hide them somewhere else? Black out SS#'s? All this seems overkill. My identity was stolen, and it had nothing to do with the stuff in my home.
 

#2
irc162  
Account Deactivated
Posts:
384
Joined:
5-Jan-2015 5:34pm
I agree. The IRS template plan tries to be all things to all people. It may not fit the way some of us do business. Like you, I am on the road to retirement. I do about half the returns I once did. The computers I use for tax returns are not used for other internet activities. There is a completely separate computer for that which does not contain any client data. The tax computers connect with the internet via an ethernet cable that isn't plugged in unless I am transmitting returns to the tax serevice or downloading updates. Wireless is disabled. Tax programs and files are maintained on external (encrypted) hard drives. If I am away for any length of time, they are removed and secured. My clients are old too, and while they all E file, many submit their tax data on paper. Anything they send me gets returned. Scans of the data are kept on an external encrypted hard drive. As for anyone breaking in, good luck getting past the canine secruity team (on site monitoring 24/7). And if someone should try to break in while I am here, it is likley to end badly for one of us.
 

#3
JAD  
Posts:
4022
Joined:
21-Apr-2014 8:58am
Location:
California
Nevertheless, we are required to have a written plan. Just type it out so you have complied. My situation is similar, small practice, off-line computer, etc.

For example, re encryption:

Encryption: Both on-line and off-line computers and the external backup drives are encrypted. Documents transmitted by email are password protected through Adobe Acrobat 9 Pro, which uses a 256-bit AES algorithm.

Re security of portable devices:

Security of portable devices: No work is performed on portable devices.
 


Return to Taxation



Who is online

Users browsing this forum: CaptCook, CoastalCPA, Google Adsense [Bot], HowardS, itssewtaxing, JoJoCPA, JR1, lckent, MAPCPA60, msmith7305, Nilodop, rbynaker, sjrcpa, SumwunLost, TaxDude, Terry Oraha, Treetopclimes and 203 guests