Privacy Issues Facing CPAs Presentation Outline William C ...
Client Privacy in the New IT Environment Including the Challenges of Cloud Computing
Texas CPA Tax Institute
Nov. 12, 13, 2012
William C. Nantz, CPA, CFF, CGMA, RTRP, MBA, JD
The Nantz Law Firm
2828 Bammel Lane, Suite 810
Houston, Texas 77098
713.542.5477
[email protected]

William C. Nantz, CPA, CFF, MBA, JD

This addresses issues related to privacy because of expanded use of computers and digital processing of accounting and tax data in the
Digital files stored in The Cloud. The IRS is pushing for universal electronic filing for everything it receives from tax return preparers, and filing from The Cloud creates numerous security issues.

Digital Footprints
Copiers: http://www.youtube.com/watch?v=6pIFUOav2xE
Personal Computers & how to destroy a Hard Drive: http://www.youtube.com/watch?v=dYcPT-xrLBM

Cloud Computing
Cloud computing is a computing resource deployment and procurement model that enables an organization to obtain its computing resources and applications from any location via an Internet connection. Depending on the cloud solution model an organization adopts, all or part of the organization's hardware, software, and data might no longer reside on its own technology infrastructure. Instead, all of these resources may reside in a technology center shared with other organizations and managed by a third-party vendor.

Cloud Computing
Many cloud service providers (CSPs) are relatively young companies, or the cloud computing business line is a new one for a well-established company. Hence, the projected longevity and profitability of cloud services are unknown. Some CSPs are curtailing their cloud service offerings because they are not profitable. Some CSPs might eventually go through a consolidation period. As a result, CSP customers might face operational disruptions or incur the time and expense of researching and adopting an alternative solution, such as converting back to in-house hosted solutions. Plans for such events need to be included in any Cloud Based Computing plan.

Personal Information
Collection of sensitive personal identifying
information may go beyond the information collected from clients and may include information collected regarding employees, potential employees, information collected about a client's employees or customers, and any other situation where sensitive personal identifying information is collected. CPAs are not exempt from the state and federal requirements to safeguard and properly dispose of the sensitive personal identifying information they collect, even if the information is stored in The Cloud.

What is Personal Identifying Information?
Texas law defines sensitive personal identifying information as an individual's first name or initial and last name used in combination with one or more of the following personal identifying information:
a. date of birth;
b. social security number or other government-issued identification number;
c. mother's maiden name;
d. unique biometric data, including the individual's fingerprint, voice data, or retina or iris image;
e. unique electronic identification number, address, or routing code;
f. telecommunication access device as defined by Section 32.51, Penal Code, including debit or credit card information; or
g. financial institution account number or any other financial information.

What is Personal Identifying Information?
The U.S. Dept. of Commerce defines personal identifying information as:
Name, such as full name, maiden name, mother's maiden name, or alias;
Personal identification number, such as social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, and financial account or credit card;
Address information, such as street address or email address;
Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well defined group of people;
Telephone numbers, including mobile, business, and personal numbers;
Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other biometric image or template data (e.g., retina scan, voice signature, facial geometry);
Information identifying personally owned property, such as vehicle registration number or title number and related information;
Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information).

IRS Definition of Personal Identifying Information
Safeguarding taxpayer information is a top priority for the Internal Revenue Service. Taxpayer information is any information furnished in any form or manner (e.g. on paper, verbally, electronically, in person, over the telephone, by mail, etc.) by or on behalf of a taxpayer for preparation of their return. It includes but is not limited to a
FTC Investigation: Fears that modern copy machines may store images on their hard drives indefinitely have prompted the Federal Trade Commission to take action.
http://thehill.com/blogs/hillicon-valley/technology/98423-ftc-examining-digital-copier-privacy

IRS
Texas State Board of Public Accountancy
Texas Attorney General/District Attorney

Penalties for Revealing Personal Information
IRS: Internal Revenue Code provides for a fine of up to $1,000.00 and up to one year in jail per
improper disclosure of tax related information under I.R.C. Section 7216. Each occurrence is treated separately.
FTC under the GLBA makes it a felony to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, State law or local law.

Penalties for Revealing Personal Information
Texas State Board of Public Accountancy: up to a $100,000 fine for violation of a. Public Accountancy Act, Sec. 901.457.
http://info.sos.state.tx.us/pls/pub/readtac$ext.TacPage?sl=R&app=9&p_dir=&p_rloc=&p_tloc=&p_ploc=&pg=1&p_tac=&ti=22&pt=22&ch

TSBPA Position
RULE 501.75 Confidential Client Communications: Except by permission of the client or the authorized representatives of the client, a person or any partner, officer, shareholder, or employee of a person shall not voluntarily disclose information communicated to him by the client relating to, and in connection with, professional accounting services or professional accounting work rendered to the client by the person.
http://info.sos.state.tx.us/pls/pub/readtac$ext.TacPage?sl=R&app=9&p_dir=&p_rloc=&p_tloc=&p_ploc=&pg=1&p_tac=&ti=22&pt=22&ch=501&rl=75

TSBPA Position
Sec. 901.457. Accountant-Client Privilege: A license holder or a partner, member, officer, shareholder, or employee of a license holder may not voluntarily disclose information communicated to the license holder or a partner, member, shareholder, or employee of the license holder by a client in connection with services provided to the client by the license holder or a partner, member, shareholder, or employee of the license holder, except with the permission of the client or the client's representative.
http://www.tsbpa.state.tx.us/pdffiles/TSBPAACT.pdf

AICPA Privacy Checklist
The AICPA at the present time is not requiring its members to follow this checklist and states: This checklist provides CPA firms with practical illustrations of selected Generally Accepted Privacy Principles (GAPP) in order to maintain privacy best practices within their organizations.
http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/PrivacyServices/DownloadableDocuments/CPA_Firms_Priva

IRS Position
The Internal Revenue Service also requires CPAs to follow I.R.C. 7216. The AICPA takes the position that: IRC Section 7216 prohibits anyone who is involved in the preparation of tax returns from knowingly or recklessly disclosing or using the tax-related information provided other than in connection with the preparation of such returns. Anyone who violates this provision may be subject to a fine or even imprisonment. The Internal Revenue Code provides for a fine of up to $1,000.00 and up to one year in jail per improper disclosure of tax related information under I.R.C.
Section 7216.

Cloud Adds New Parties to the Privacy Party
FTC Privacy of Consumer Financial Information Rule (16 CFR Part 313)
This Rule (otherwise known as the Financial Privacy Rule) aims to protect the privacy of the consumer by requiring financial institutions, as defined, which includes professional tax preparers, data processors, affiliates, and service providers, to give their customers privacy notices that explain the financial institution's information collection and sharing practices. In turn, customers have the right to limit some sharing of their information.

IRS Position
The IRS also requires tax return preparers to follow privacy rules found in IRC Section 6713, Disclosure or Use of Information by Preparers of Returns.
Title 26: Internal Revenue Code (IRC) 6713
This provision imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns. If a return preparer discloses any information furnished to him for, or in connection with, the preparation of any such return, or uses any such information for any purpose other than to prepare, or assist in preparing, the return, he or she will be fined $250 per disclosure up to an annual amount of $10,000.

IRS Position
The Internal Revenue Service takes the following position regarding protection of personal identifying information when preparing a Form 5500: Do not enter social security numbers in response to questions asking for an employer identification number (EIN). Because of privacy concerns, the inclusion of a social security number on the Form 5500 or on a schedule or attachment that is open to public inspection may result in the rejection of the filing. If you discover a filing disclosed on the EFAST2 website that contains a social security number, immediately call the EFAST2 Help Line at 1-866-GO-EFAST (1-866-463-3278). The inclusion of personal identifying information in a public
forum is to be avoided.

Cloud Computing Considerations
Monitor, evaluate, and adjust your security program as your business or circumstances change.
The entities handling personal tax information of your clients will be required to provide privacy safeguards and you may be held liable if the safeguards are not performed properly.
Encryption is a best business practice for both transmission of taxpayer information as well as storage of personal information.
Securely remove all taxpayer information when disposing of computers, diskettes, magnetic tapes, hard drives, or any other electronic media that contain taxpayer information.
The FTC Disposal Rule has information on how to dispose of
A CPA must maintain personal information in a confidential manner and use commercially reasonable safeguards to prevent unauthorized access to personal information.

Conclusion
Disposal of confidential information needs to follow Business & Commerce Code Section 35.48 Retention and Disposal of Business Records to an Outside Party, and needs to include the appropriate disposal of the hard drives of individual computers. When computers are destroyed, the hard drives need to be removed and destroyed separately. Client personal information will be disposed of by either shredding or obliteration of the personal information. A CPA may also contract with an individual or other entity engaged in the business of disposing of records, which
will dispose of Client personal information by either shredding or obliteration.

Resources
Safeguarding Client Information: http://www.irs.gov/pub/irs-pdf/p4557.pdf
Safeguarding Client Information, Quick Reference: http://www.irs.gov/pub/irs-pdf/p4600.pdf
Enterprise Risk for Cloud Computing: http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf
AICPA Privacy Checklist: http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/PrivacyServices/DownloadableDocuments/CPA_Firms_Privacy_Checklist.pdf
Intel Planning Guide, Cloud Security: http://www.intel.com/content/dam/www/public/us/en/documents/guides/cloud-computing-security-planning-guide2.pdf

This PP and the documents listed above can also be located at
http://learning.hccs.edu/faculty/william.nantz under Additional Resources.

William C. Nantz, CPA, CFF, CGMA, RTRP, MBA, JD, "Bill" is an attorney with the Nantz Law Firm and Board approved to teach the Ethics Course meeting the criteria set forth in Board Rule 511.58 and required in order to apply for the Uniform CPA Exam in Texas at Houston Community College.

This powerpoint is published as general information only and should not be construed as legal advice. This article is not intended to be applied to any particular situation as such application requires knowledge and analysis of the specific facts involved. The Nantz Law Firm is not a CPA firm, but William C. Nantz, CPA is a CPA firm licensed by the Texas State Board of Public Accountancy. Bill may be contacted at 713.542.5477, [email protected] or [email protected]