Data security can protect your business as well as your clients!
Federal Trade Commission
Under the Safeguards Rule, ﬁnancial institutions must protect the consumer information they collect. Learn if your business is a “ﬁnancial institution” under the Rule. If so, have you taken the necessary steps to comply?
Many companies collect personal information from their customers, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires companies deﬁned under the law as “ﬁnancial institutions” to ensure the security and conﬁdentiality of this type of information. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires ﬁnancial institutions under FTC jurisdiction to have measures in place to keep customer information secure.
But safeguarding customer information isn’t just the law. It also makes good business sense. When you show customers you care about the security of their personal information, you increase their confidence in your company. The Rule is available at ftc.gov.
The definition of “financial institution” includes many businesses that may not normally describe themselves that way. In fact, the Rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services. This includes, for example, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, and courier services.
National Institute of Standards and Technology
NIST – Information Security Fundamentals
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technol-ogy (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure.
Small businesses are an important part of our nation’s economic and cyberinfrastructure. According to the Small Business Administration, there are approximately 28.2 million small businesses in the United States. Small business is deﬁned as an organization/business of fewer than ﬁve hundred employees. These businesses produce approximately 46 % of our nation’s private-sector output and create 63 % of all new jobs in the country [SBA FAQ].
For some small businesses, the security of their information, systems, and networks might not be their highest priority. However, an informa-tion security or cybersecurity incident can be detrimental to their business, customers, employees, business partners, and potentially their community. It is vitally important that each small business understand and manage the risk to information, systems, and networks that support their business.
IRS – Protecting Tax Payer Information is the Law!
Data thefts at tax professionals’ offices are on the rise. As the Security Summit makes progress, identity thieves need more taxpayer data to file fraudulent tax returns. And they have placed tax practitioners firmly in their sights.
Data security is now a necessity for every tax professional, whether a partner in a large firm or a sole practitioner and every Authorized IRS e-File Provider. Every employee, both professional and administrative staff, should be educated about security threats and safeguards. Everyone has a role to play in protecting taxpayer information.
Protecting taxpayer data is the law. Federal law gives the Federal Trade Commission authority to set data safeguard regulations for various entities, including professional tax return preparers. According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data.
Failure to do so may result in an FTC investigation. Online providers also must follow the six security and privacy standards in Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns.
Protecting taxpayer data is good business. Data security can protect your business as well as your clients. Theft may also mean a loss of reputation, a loss of clients, or a loss of money. Consider engaging security professionals for assistance or check with your professional liability carrier about data theft coverage.
How can we help?
ITNEXT has the experience and knowledge to help protecting your business.
We’ve built a checklist of all requirements speciﬁed by the IRS, NIST, and FTC in order to make it easy for our customers. We’ve leveraged key enterprise technologies and strategies to make it affordable to Small-Medium Businesses. We provide enterprise-level security infrastructure through our partnerships with the most recognized vendors in the industry. We know one solution does not ﬁt all customer’s needs, and that is the reason why we have come up with a checklist that can be mapped to different technologies from different providers. We, as consultants, our job is to determine the best strategy based on your needs.