Data Recovery Plans for Tax Professionals
Step Five on the "Security Six" checklist is for tax professionals to create a data theft security plan. IRS Commissioner Chuck Rettig notes, "The number of tax professionals reporting data theft to the IRS remains too high, and it puts tens of thousands of taxpayers at risk for identity theft. We hope tax professionals will use the Security Summit Checklist as a starting point, not an endpoint, to protect their clients' data - and themselves. "
If your data professional discovers a security breach, there are several steps to follow.
- Contact IRS and Law Enforcement - When you promptly contact the IRS and law enforcement agencies, the authorities may take action to protect taxpayers. The IRS may be able to protect the named taxpayers from a fraudster who may use the stolen data to file a tax return in order to claim a large refund.
- Contact State Revenue Office - A tax professional should promptly contact the state tax agency. This would enable the state office to protect named taxpayers from the filing of fraudulent returns and claims for state refunds.
- Contact Security Expert - An expert computer security engineer can stop further fraudulent activity on your servers. The computer expert will be able to set up improved firewalls and virus protection.
- Contact Agencies and Clients - The tax professional must contact the Federal Trade Commission and the major credit bureaus. He or she must also send a disclosure letter to clients. The disclosure letter notifies clients of the data breach and encourages them to watch for a false tax return or to be suspicious if they receive an unexpected tax refund.