![Accountants and the FTC Safeguards Rule [2023 Full Guide]](https://www.scoopearth.com/wp-content/w3-webp/uploads/2023/04/image-402-768x512.pngw3.webp "image 402")
For accounting professionals, it’s crucial to adhere to the Federal Trade Commission’s (FTC) Safeguards Rule. The purpose of the Safeguards Rule is to make all accountants adhere to the new regulations and create the ISP (information security systems). If they fail to comply, it could lead to huge penalties, fines, and loss of business.
Table of Contents
What is the FTC Safeguards Rule?
The Free FTC Safeguards Rule Guide includes a range of rules that requires banks to design and execute a security program. The aim of the regulation is to secure sensitive information, like customers’ personal information, from unauthorized access to the information, its use, or disclosure.
The Safeguards Rule applies to all banks and also accounting firms providing financial services. Accounting firms are responsible for sensitive customer data, such as taxes as well as financial reports and records generally. It is crucial that they follow the Safeguards Rule to protect the privacy and reliability, and accessibility of the information.
When is the FTC Safeguards Rule Deadline?
The 9th day of June 2023 is when accounting companies, regardless of size, must conform to the rules in the FTC Safeguards Rule.
What are the Requirements of the FTC Safeguards Rule?
The FTC Safeguards Rule requires financial institutions to develop and implement a successful cybersecurity program for their information. The program must be tailored to the requirements and complexity of an institution, in combination with its nature as well as the extent of its activities.
The Safeguards Rule requires financial institutions, including accounting firms:
- Select a reputable business to oversee the security program.
- Perform a risk assessment to determine the external and internal threats to the security as well as the integrity and confidentiality of customer information.
- Develop and implement an information security strategy that incorporates administrative, technical, physical, and administrative security procedures to protect the information of customers.
- Check and frequently test the security program for data to find and correct any flaws and ensure its efficiency.
- Re-evaluate and alter the security program to include information as a response to the advancement of technology, the security of data from clients as well as external and internal threats.
- A professional who is qualified must report at least once per year to the board with information about cybersecurity.
- Check your security provider on a regular basis and make any adjustments, if necessary.
- Check that your security software (ISP) is up-to-date.
- Keep an updated incident response strategy for responding to an incident.
What makes compliance with the FTC Safeguards Rule so important for accountants?
Compliance with the free FTC Safeguards Rule Guide is essential for accountants because of many reasons. Here are a few important benefits of adhering to The Safeguards Rule:
- Secure information for sensitive data: Accountants have access to a range of information that hackers could like. One return may include enough information to carry out identity theft. It is essential to be safe from access by unauthorized individuals and secure.
- Establishes trust with your clients by having documents such as a Cyber Safeguards Compliance, and posting the same on your site or LinkedIn will let others know that you care about security and are part of the process of conducting transactions with your company.
- Stays clear of legal acts: there can be substantial penalties that could force businesses out of business because of an incident involving data. An average data security breach can result in millions of dollars in compensation, as well as permanent reputational damage.
- Improves your credibility Improves your reputation: Improves your reputation: Safeguards Rule helps others view your accountant as a progressive one who is focused on the safety of information. So they can feel confident in you, and ultimately they’ll decide that they’ll work with your accountant and you. It is usually a matter of whether your client is able to trust and believe in your business.
- Enhances Performance: Ensuring weaknesses are repaired, and security precautions are taken will allow the process to run efficiently. Smooth means fast and speedy means higher capacity. With more capacity, your company will be able to achieve more in a shorter amount of time.
Do you have a view about what you think of the FTC Safeguards Rule December 2022?
The initial deadline for compliance was on December 9th and 22nd. The FTC decided to change the deadline to 6/9/23 in order for companies to be given the time they need to comply with the deadline. The current deadline is 6/9/23.
What are the rules to be met for Safeguards Rule 2023?
What are the terms that are included in the six-month extension? The extension made public in the latter part of 2022 will incorporate new regulations.
- Choose a competent person to supervise their security plan.
- Write a risk assessment in writing.
- Limit and limit who has access to the sensitive data of customers to the customer.
- All sensitive data should be secured.
- Secure personnel in training
- Develop an incident response strategy.
- Check regularly for security measures that are implemented by service providers.
- Utilize multi-factor authentication or another method that offers the same security to all that have access data of customers.
If I’m already using WISP, is that similar to an ISP?
The WISP is an information security program that is written Accounting professionals who have PTINs and are required to renew their licenses. PTIN’s need to renew their licenses is different from the ISP, Information Security Program. Although the fundamental elements are similar, the written plan for information security (WISP) will define the security protocols and procedures that the company has to adhere to in different scenarios.
An ISP can be described as the Information Security Program. It provides the details of how you can protect your company. Consider the WISP as the plan and the ISP as the actual implementation. Even though the planning process is just half of the fight, the actions speak in the way of words.
What should I be in mind?
We’ve compiled a comprehensive Top 10 Mistakes to Avoid Checklist, which you can find here:
What Are The Penalties for Non-Compliance with the FTC Safeguards Rule?
Accounting firms can be penalized civilly as high as $46,517 for every offense FTC.gov.
What Size Firms Does The FTC Safeguards Rule Apply To?
This is true for businesses that are of any size. There are a few less stringent requirements for compliance for businesses that are able to access less 5 thousand documents. Be aware if you are able to access your client’s customer database via services like Quickbooks Online, this counts as having more PII records.
When you’ve got 500 clients, and each has 100 customers, you’ll have access to 50k records and comply with all requirements.
Smaller companies that earn less than 100 per year in individual returns could have been able to lower the thresholds.
While it’s not legally mandated but it’s still common sense regardless of whether the government is insisting that you safeguard your customers.
Moving Forward…
In general, being in conformity with The Free FTC Security Rule Booklet is vital for accountants handling sensitive customer data, which includes tax accountants. Therefore, it is essential for accountants to follow the most recent security of data (ISP) standards. It’s not just about fulfilling the requirements of the government by completing boxes and demonstrating your care and good business practices, as well as helping to protect your client’s information.
