WASHINGTON, D.C. — In a continued effort to protect taxpayer information and combat the growing threat of identity theft, the Internal Revenue Service (IRS) and its Security Summit partners have reiterated the federal requirement for tax professionals to maintain a Written Information Security Plan (WISP). This directive is part of a broader campaign to bolster cybersecurity across the tax preparation industry.
The reminder forms the third installment of the IRS’s five-part summer series titled “Protect Your Clients; Protect Yourself,” aimed at equipping tax professionals with the tools and knowledge necessary to safeguard sensitive data. These guidelines come amid an evolving cyber threat landscape where financial professionals remain prime targets for data breaches.
At the heart of this initiative is compliance with the Gramm-Leach-Bliley Act (GLBA), which mandates that all financial institutions—explicitly including tax preparers and accounting firms—develop, implement, and maintain robust data protection protocols. Under the law, firms are obligated to designate staff to oversee security efforts, conduct thorough risk assessments, test and monitor defenses, and ensure that third-party service providers meet equivalent security standards.
A comprehensive WISP, according to federal guidelines, should cover three critical areas: employee management and training, information systems security, and procedures for detecting and responding to system failures. The IRS notes that such a plan must be written, regularly tested, and updated as needed—particularly in response to operational changes or findings from ongoing monitoring.
To assist practitioners in developing these plans, the IRS offers Publication 5708, a 28-page template that outlines how to build a compliant WISP from the ground up. Tailored especially for smaller practices, the guide walks users through legal obligations and best practices, helping firms align with the Federal Trade Commission’s (FTC) Safeguards Rule.
In addition to planning, the IRS strongly recommends that tax professionals establish a response strategy for data breaches. In the event of a security incident, practitioners are encouraged to notify their IRS Stakeholder Liaison and, when applicable, their state tax authority. Furthermore, any data breach affecting 500 or more individuals must be reported to the FTC within 30 days.
The WISP and related security resources are being emphasized throughout the summer at the IRS Nationwide Tax Forum, a traveling series of educational events for tax professionals. Forums in New Orleans, Orlando, Baltimore, and San Diego are expected to draw attention to the growing need for proactive cybersecurity in the industry.
As the IRS continues its outreach, the message is clear: securing client information is not just good practice—it is a legal responsibility. Tax professionals are urged to act now to ensure their operations meet federal standards and are prepared to respond quickly and effectively to potential threats.