IRS Compliance: How to Protect the Confidentiality of Your Clients and Employees
The increase in threats of data breaches and information losses is alarming. People are becoming more sensitive about the vulnerability of their confidential data.
Nearly everyone is worried about identity theft. However, the nature of business requires organizations to handle confidential records and other personal data. Like any other business, your organization has access to and works with the federal tax information (FTI) of clients and employees.
The law protects sensitive personal and financial information about taxpayers — giving businesses the responsibility of safeguarding federal tax information they handle.
Apart from legal requirements, losing customer and employee data has adverse effects on businesses. People don’t relate well with companies that have privacy issues.
Most businesses lose data through:
- Theft
- Accidents
- Negligence
As a result, you need to devise a data security plan to ensure you comply with IRS regulations. A secure data plan includes four key principles:
1. Identification of the Federal Tax Information in Your Company’s Files and Computers
Your first step in securing all the federal tax information your company holds is to check every place where you store sensitive data. Check all storage media, including:
- All computers
- Laptops
- Flash drives
- Mobile devices
- Digital copiers
- Home computers
- Disks
- Cabinets
Scrutinize every location and data type.
Most businesses receive federal tax information in multiple ways: from contractors, websites, and call centers.
Ensure you check everywhere, including information on employees’ remote computers. After inventorying all possible places you store sensitive information, track how the data moves through your business.
You should know:
- Who sends federal tax information. It might be customers, banks, other financial institutions, credit card companies, job applicants, credit bureaus, or any other business
- How you receive federal tax information. Maybe through the company’s website, email, or cash registers in stores
- The type of federal tax information you collect at each entry point
- Where you store private data. It might be a central computer database, cloud storage, or an individual laptop
- The people with access to the federal tax information. Know which employees have access permission and why they need to access the information
According to Internal Revenue Code section 6103, your business and its employees are responsible for protecting all the federal tax returns and return information that the business handles.
2. Only Keeping Federal Tax Information That Your Business Needs
Your business shouldn’t keep federal tax information it doesn’t use. Even when you legally require people’s federal tax information to run your business, keep it only as long as necessary.
For instance, use federal tax information only for reporting employee taxes, and don’t put it to other uses simply because you have it. If you’re developing a mobile app, ensure the application only accesses the data it requires to remain functional. Avoid collecting federal tax information unless it’s critical to the application’s product or service.
If you must collect and retain sensitive data, you must protect it. The best practice is to scale down access to federal tax information in your company. Each employee should only have access to the data they need for a particular job.
More importantly, create a written record retention policy that shows:
- The type of information you must keep
- How to secure information
- The period you’ll keep the data
- How to securely dispose of data when you no longer need it
3. Protection of the Federal Tax Information You Keep
Section 6103(i) allows your business to disclose federal tax information to the taxpayer and the taxpayer’s authorized representative. You can disclose specific federal tax information to agencies for particular reasons.
You need to know what you can and can’t disclose to protect the tax return information your organization keeps. The tax return information under the law includes:
- The taxpayer’s name
- Identification number
- Mailing address
- Any information extracted from the return
- Information on whether the return will be, is being, or was examined or subject to investigation
- Information on transcript accounts
- Investigation or collection history
- The fact that a return was filed or examined
- Tax balance due information
Regardless of the format, federal tax information is confidential, and the law governs how you make it known to any person in any manner. It’s a criminal offense to knowingly and willfully disclose federal tax information to an unauthorized person without a business need. The offense attracts penalties and even a jail sentence.
Internal Revenue Code section 7213 considers willful unauthorized disclosure of federal tax information a felony. The misconduct attracts a fine of up to $5,000 or a jail sentence of up to five years. The offense can also attract both penalties plus the prosecution cost.
Section 7213A of the IRC considers willful unauthorized access or inspection of federal tax information a misdemeanor. The law applies to paper documents and computerized information, and its violation attracts a fine of up to $1,000 and a jail term of one year.
Section 7471 allows the taxpayer whose tax return or return information has been knowingly exposed to seek compensation for civil damages. If the court establishes that there has been unauthorized disclosure or inspection, the taxpayer can receive damage compensation of $1,000 for each act of the violation.
To avoid such an expensive mistake, you should implement appropriate security practices. You should provide:
- Physical security to prevent paper loss or theft
- Electronic security by applying general network security, controlling access to sensitive information, restricting the use of personal devices for work purposes, and installing firewalls to prevent cyber attacks
- Employee training to implement your data security plan
- Security practices of contractors and service providers
4. Proper Disposal of the Federal Tax Information You Don’t Need
Keeping data that you don’t use can be a goldmine for identity theft. However, leaving your employees’ or customers’ tax return information in a dumpster paves the way for fraud and risks identity theft.
You need to implement information disposal practices that prevent violation of disclosure acts. For instance, dispose of paper records by shredding or burning them.
When getting rid of old computers, use software to securely wipe data beyond recovery. Ensure that employees working remotely follow the same data disposal practices.
Mathe Will Help Your Business Stay Compliant with IRS Regulations
Businesses require periodic reviews for compliance with all the data protection requirements. Mathe will help your business implement solutions that keep your business on the right side of the law.
We’ll shoulder all the heavy IRS compliance tasks so that you never have to worry about hefty fines or losing sensitive data. Contact us today to get started.
With over 35 years in the business of supporting and implementing technology for the SME market, and 6 years previously in Corporate IT and Voice, I have seen a great deal of change. The only common thread is that I have always focused on the Business Wise application of Technology. We always try to look 5 years ahead of the current technology to make sure our clients are on the right track to meet current and future needs.