The Federal Trade Commission (FTC) recently amended its cornerstone Safeguards Rule, which requires financial institutions to adequately protect consumer information. The amendments add more specific guidance on what a compliant information security program must contain.
As a professional accounting firm that handles sensitive information, you must understand the main requirements of the FTC Safeguards Rule, how the compliance requirements apply to your business, and the steps you can take to ensure you are following the agency’s guidance.
At ABL Computers, we are committed to your accounting firm’s success and have outlined the three things you need to know to comply with the FTC Safeguards Rule to maintain network security.
In 2015, the IRS created the Security Summit to bring together state agencies and private-sector security experts to create a robust cybersecurity workgroup. The Security Summit’s mission is to identify and establish security requirements and guidance for tax professionals and other financial institutions.
As part of its workgroup duties, the Security Summit publishes helpful guides to help tax industry experts meet FTC and other federal agency requirements.
One of the most important cybersecurity laws your accounting firm should know about is the Gramm-Leach-Bliley (GLB) Act. By requiring non-banking financial institutions of all types to maintain the security of confidential and sensitive financial information, the GLB Act forms an important cornerstone of business cybersecurity requirements.
The GLB Act is the statutory basis for the FTC’s Safeguards Rule, which took effect in 2003 and outlines requirements for safeguarding sensitive taxpayer information, including the creation of a written information security plan. If your accounting firm does not comply with these federal regulations, you may be subject to FTC investigation and fines.
The FTC Safeguards Rule applies to any non-banking financial institution or business engaging in activity that is financial in nature, including CPA firms, regardless of size or number of clients. Section 314.2(h) outlines a handful of examples of the types of entities considered financial institutions under the Rule, including tax preparation firms.
However, be aware that the Safeguards Rule does offer a limited exception. If your accounting firm maintains customer information on fewer than five thousand consumers, your firm may be exempt from some of the Rule’s provisions (such as the written risk assessment, continuous monitoring or penetration testing, the written incident response plan, and the annual report to the board), but it must still maintain a written information security program and the core safeguards.
If you believe your accounting firm may fall under the exemption of Section 314.6, you can consult the information on this page.
The first step is ensuring your accounting team is familiar with the Safeguards Rule and understands the importance of complying with the outlined requirements. At its core, the Safeguards Rule was established to require non-banking financial institutions like accounting firms to develop, implement, and maintain a written information security program.
This information security program must outline administrative, technical, and physical safeguards your accounting firm uses to protect sensitive taxpayer and non-public customer information from cybersecurity attacks and breaches.
“Customer information” includes any record that contains nonpublic personal information about your customers, whether that information is kept on paper, electronically, or in some other form. Information counts as “customer information” if it is handled or maintained by, or on behalf of, your accounting firm or any of your affiliates.
The FTC defines “nonpublic personal information” as any personally identifiable financial information, or any list, description, or other grouping of consumers that is derived from personally identifiable financial information, that is not publicly available.
The information security program must outline the steps your accounting firm will take to protect your clients’ nonpublic personal information and customer information. Among other things, the information security program must address the nine elements outlined by the FTC, including:
For more information on creating a Data Security Plan, check out our recent blog post outlining the three steps your accounting firm can take today to create a customized plan.
If your accounting firm is having trouble complying with the FTC’s Safeguards Rule, we encourage you to set up a free consultation with us. We can walk you through the requirements, including serving as the qualified individual responsible for writing and maintaining your written information security program.