Experienced a Data Breach?
The IRS has included some guidance for practitioners should they experience a data breach. IRS Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns, provides rules and requirements for participation in IRS e-file of individual income tax returns and related forms and schedules.
Of particular interest is item # 6 under IRS e-file Security and Privacy Standards in Chapter 2:
Reporting of Security Incidents:
"This standard applies to Providers participating in Online Filing of individual income tax returns that collect, transmit, process or store taxpayer information. These Providers shall report security incidents to the IRS as soon as possible but no later than the next business day after confirmation of the incident. For the purposes of this standard, an event that can result in an unauthorized disclosure, misuse, modification or destruction of taxpayer information shall be considered a reportable security incident. See instructions for submitting incident reports."
"In addition, if the Provider’s Web site is the proximate cause of the incident, the Provider shall cease collecting taxpayer information via their Web site immediately upon detection of the incident and until the underlying causes of the incident are successfully resolved."
Cyber Security Resources:
- Fact Sheet: Cybersecurity Risk Management
- Fact Sheet: Cybersecurity: A Dynamic and Complex Risk
- Fact Sheet: Cybersecurity National Action Plan
- The Institute of Risk Management Cyber Risk Report
- NIST Framework for Improving Critical Infrastructure Cybersecurity
- International organization for Standardization (ISO) Cybersecurity
- COSO Internal Control — Integrated Framework
- COSO in the Cyber Age
- FY 15 Chief Information Officer (CIO) Annual Federal Information Security Management Act (FISMA) Metrics
- Office of Compliance Inspections and Examinations (OCIE) 2015 Cybersecurity Examination Initiative
- Federal Financial Intuitions Examination Council (FFIEC) Cybersecurity Assessment Tool
- AICPA’s Information Management and Technology Assurance (IMTA) Section
- Top Cybercrimes Whitepaper: How CPAs Can Protect Themselves and Their Clients
The Need to Safeguard Taxpayer Data
National Taxpayer Advocate Delivers Annual Report to Congress; Focuses on Tax Reform, IRS Funding and Identity Theft
Today’s identity thieves are a formidable enemy. They are an adaptive adversary, constantly learning and changing their tactics to circumvent the safeguards and filters put in place to stop them from committing their crimes. Some of the individuals committing identity theft refund fraud are members of high-tech global rings engaged in full-scale organized criminal enterprises for stealing identities and profiting from that information. As the criminals' efforts increase in sophistication, so do the number and scope of data breaches, which serves to further expand the network and warehousing of stolen and compromised identity information, and in turn increases the potential for that stolen identity information to ultimately reverberate through the tax system. Continue Reading