IRS Adds Security Requirement to W-12 PTIN Application and Renewal Form

Published October 21, 2019 By By Roman H. Kepczyk, CPA.CITP, CGMA, PAFM
This article first appeared on CPAPracticeAdvisor.com.

The IRS recently released the updated W-12 (PTIN Application Renewal) form and one of the questions that preparers will need to take note of is #11-Data Security Responsibilities which states: “As a paid tax return preparer, I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information. Check the box to confirm you are aware of this responsibility.”  Security responsibility and resources are outlined in IRS Publication 4557-Safeguarding Taxpayer Data and IRS Publication 5293-Data Security Resource Guide for Tax Professionals.

“Protecting taxpayer data is the law” according to IRS Publication 4557 which states that tax preparers must create and enact security plans to protect client data and online filers must comply with the “Security Six”  and privacy standards set in IRS Publication 1345-Handbook for Authorized IRS e-File Providers of Individual Income Tax Returns.  The Security Six refers to the use of anti-virus software, firewalls, multi-factor authentication, backup software/services, drive encryption and virtual private networks as outlined in the IRS’s publication: “Tax Security 2.0.”

To create a written data security plan the IRS provides guidance in Publication 4557 as well as recommending the National Institute of Standards and Technology document on “Small Business Information Security-The Fundamentals.” 

Publication 4557 states that tax preparers must be able to understand basic security steps and how to take them, recognize the signs of data theft and how to report a theft, be able to respond and recover from a data loss and understand and comply with the FTC Safeguards Rule.  Tax preparers must also learn to recognize phishing emails, utilize security software, and generally be able to work safely on the Internet as outlined in the guide. It is recommended that all firms assign a tax person to work with the firm’s internal information technology personnel and an outsourced information security provider to get the firm in compliance with these IRS regulations.

Roman H. Kepczyk is the Director of Firm Technology Strategy for Right Networks and consults exclusively with accounting firms throughout North America to implement today’s digital best practices and technologies.  In addition to being a CPA.CITP, he is a Lean Six Sigma Black Belt and incorporates Lean Six Sigma methodologies to help firm’s optimize their production workflows.