For accountants, it’s important to be in compliance with the Federal Trade Commission’s (FTC) Safeguards Rule. The Safeguards Rule requires all accountants to adhere to new rules and establish an ISP (information security system). Failure to do this could result in huge fines, legal penalties and the loss of business.
What is the FTC Safeguards Rule?
The Free FTC Safeguards Rule Guide is a set of rules that require banks to create and implement a security plan. The goal of the rule is to safeguard sensitive information, including customers’ data, from unauthorized access, use, or disclosure.
The Safeguards Rule applies to all banks, as well as accounting firms offering financial services. Accounting firms manage sensitive customer information like taxes, financial reports and financial records in general. It is therefore crucial to adhere to the Safeguards Rule to protect the confidentiality, integrity and accessibility of this information.
When is the FTC Safeguards Rule Deadline?
June 9, 2023 is the date when accounting firms, regardless of their size, are required to comply with the FTC Safeguards Rule.
What are the Requirements of the FTC Safeguards Rule?
The FTC Safeguards Rule requires financial institutions to design and implement an effective information security program. The program should be tailored to the size and complexity of the institution, as well as the nature and extent of its work.
The Safeguards Rule requires financial institutions, which include accounting firms, to:
- Choose a reputable company to manage the information security program.
- Perform a risk analysis to discover external and internal risks to the security, confidentiality and integrity of information about customers.
- Create and implement an information security plan that incorporates technical, administrative and physical security measures to guard customer information.
- Regularly monitor and test the information security program to detect and correct weaknesses and to ensure its effectiveness.
- Review and modify the information security program in response to the evolution of technology, the sensitivity of client data, and internal and external threats.
- A qualified professional must provide the board, at least once a year, with details about their cybersecurity.
- Review your security provider regularly and make adjustments if required.
- Make sure that your information security program (ISP) is up to date.
- Write down and maintain an up-to-date incident response plan.
Why is compliance with the FTC Safeguards Rule so important for accountants?
Compliance with the free FTC Safeguards Rule Guidance is crucial for accountants for a variety of reasons. Here are a few of the major benefits of observing the Safeguards Rule:
- Security of sensitive information: Accountants have access to an array of data that hackers would like. One return can contain enough details to perpetrate identity theft. This data must be kept safe and secure from access by unauthorized persons.
- Creates trust with your clients: Obtaining a document such as a Cyber Safeguards Compliance and displaying it on your website or LinkedIn makes others aware that you are serious about security and that it is part of the process of doing business with you.
- Avoids legal action: There are substantial fines that can force companies out of business due to a data breach. A typical data breach could cost millions of dollars in restitution and cause permanent reputational damage.
- Improves your reputation: The Safeguards Rule helps others view you as a forward-thinking accountant who is focused on data security. People will see that they can trust you, and eventually they will decide to do business with you. You’ve probably guessed that it generally boils down to whether the client knows and trusts your business.
- Improves efficiency: Making sure that vulnerabilities are fixed and security measures are in place helps things run smoothly. Smooth means fast, and fast means greater capacity. With greater capacity, your business can accomplish more in less time.
What about the FTC Safeguards Rule December 2022?
The original deadline to comply was December 9th, 2022. The FTC decided to shift the date to 6/9/23 so that firms have the time they need to comply. The deadline is currently 6/9/23.
What are the requirements for the Safeguards Rule 2023?
What provisions are included in the six-month extension? The extension, announced in the latter half of 2022, will include new rules.
- Select a competent person to supervise the security program.
- Create a written risk assessment.
- Limit and control who is able to access sensitive customer data.
- All sensitive information should be encrypted.
- Train personnel in security
- Plan an incident response strategy
- Regularly examine how security measures are implemented by service providers
- Use multi-factor authentication, or a different method that provides the same protection, for anyone who has access to customer data.
I already have a WISP; is it identical to an ISP?
The WISP, a written information security program that accounting professionals with PTINs must have to renew their licenses, is distinct from an ISP (Information Security Program). While the basic elements are the same, the written information security plan (WISP) outlines the security procedures and steps the company must follow in various scenarios.
An ISP (Information Security Program) provides the specifics of how you will safeguard your business. Think of the WISP as the blueprint and the ISP as the real implementation. Although planning is only half the battle, actions speak louder than words.
What should I look out for?
We’ve written a complete Top 10 Mistakes to Avoid Checklist which can be found here:
What Are The Penalties for Non-Compliance of the FTC Safeguards Rule?
Accounting firms can be subject to civil penalties of up to $46,517 for each violation (FTC.gov).
What Size Firms Does The FTC Safeguards Rule Apply To?
This applies to businesses of any size. There are some reduced compliance requirements for firms that have access to fewer than five thousand records. Be aware: if you have access to your clients’ customer base via things such as QuickBooks Online, this counts as having more PII records.
If you have 500 customers and each of them has 100 customers, then you’d be able to access 50k records and would have to adhere to all the regulations.
Smaller firms that handle under 100 individual returns each year could have reduced requirements.
Remember, although this isn’t legally mandated, protecting your customers is still good business sense, regardless of whether the government insists on it.
Overall, being in compliance with The Free FTC Security Rule Booklet is crucial for accountants who deal with sensitive customer information, including tax accountants. So, it’s crucial for accountants to adhere to the latest data security (ISP) guidelines. It’s more than just checking boxes for the government: it shows your concern and good business practices, and it also helps keep your clients’ data secure.