For accountants, dealing with sensitive personal and financial information is part of the daily grind. Maintaining high standards of care and confidentiality at all times is vital.
A breach of clients' information can result in a loss of trust and profits, penalties and fines, and even the revocation of your license. However, in the rush of tax season or while managing multiple accounts at once, data protection likely isn't your priority.
Still, managing client-sensitive information safely and efficiently is essential, even during the busiest times of the year. To make this feat easier, we'll explore exactly why that is, and discuss some practical strategies to ensure your focus on client confidentiality doesn't hamper the quality of your work.
Let's get started…
What Counts as Client Sensitive Information?
First and foremost, it's important to know what information you'll need to protect. Broadly speaking, sensitive information constitutes "any data that, if compromised, could lead to harm, loss, or unauthorized access." But, in practice, this refers to several sometimes-unexpected things.
Client-sensitive information includes, but may not be limited to:
- Social Security Numbers
- Passport numbers
- Driver's license numbers
- Address or location information
- Bank account information
- Credit card information
- Investment account details
- Tax Returns and W-2 Forms
- 1099 Forms
- Other income documentation
- Proprietary financial data
- Client contracts and agreements
- Business tax filings
- Health Savings Account details
- Medical expense records
- Passwords for online accounts
- Biometric information
- Security questions and answers
- Emails and other correspondence between you and a client
- Internal memos related to clients
- Estate plans and wills
- Power of Attorney documents
For a comprehensive list, or if you need clarification on a particular document or piece of data, it's best to check your firm's policies or contact your attorney.
As you can see, various types of information are considered sensitive. These can be physical documents stored in a filing cabinet in your office or data points stored in a spreadsheet with a thousand rows. No matter what kind of sensitive information you're dealing with, applying the same care and accountability for its protection is crucial.
However, it's likely that you will have to share some of the above information with your colleagues or even third parties like executors as part of your role. This undoubtedly complicates the questions surrounding client-sensitive information.
What the Law Says About Client Sensitive Information
The situation gets more complicated as the US has yet to pass one holistic law that governs accounting and data privacy, or even data privacy in general. Instead, as an accountant, you'll need to familiarize yourself with various regulations, requirements, and mandates that lay out specific data protection obligations.
Below is a breakdown of some of these laws. To ensure you've got the whole picture, check whether there are any state-specific laws or requirements you'll need to abide by.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act focuses on protecting consumers' personal financial information. This includes data held by accounting firms. Under GLBA, you must:
- Ensure client data remains private and protected.
- Disclose privacy practices to clients, informing them how their information is used and protected.
- Set up safeguards to stop unauthorized access to or use of client information.
Health Insurance Portability and Accountability Act (HIPAA)
While HIPAA primarily deals with protecting health information, it's relevant if you handle health-related financial data like Health Savings Accounts (HSAs) or medical expense records. It states that you must:
- Ensure Protected Health Information (PHI) is private and secure.
- Implement measures to prevent unauthorized access to health-related financial data.
- Comply with privacy rules regarding the disclosure and use of PHI.
California Consumer Privacy Act (CCPA)
Although CCPA is, in theory, a state-specific act, it was the first comprehensive data protection act passed in the US. As such, it's often used as a blueprint for other states' data privacy legislation. It applies if your firm grosses over $25 million per year, operates or has clients in California, or partners or works with a firm in California. Under CCPA, you must:
- Provide clients with the right to know what personal information is collected, used, shared, and sold.
- Allow clients to access and delete their personal information if they wish to do so.
- Implement security measures for personal information, and comply with clients' rights to opt out of data sales.
IRS Publication 4557
If you deal with taxpayer information, you'll need to familiarize yourself with the IRS guidelines known as 'Safeguarding Taxpayer Data'. This publication outlines compliance measures for accountants and tax professionals to prevent data leaks and maximize security. Though not compulsory, following the guidelines in this publication can help you stay on the right side of the above laws, and protect yourself from penalties. To ensure compliance, you'll need to:
- Create a security and backup/recovery plan outlining procedures for protecting client information and responding to potential leaks.
- Encrypt sensitive client data, whether it's stored or being sent, to prevent unauthorized access during storage or transmission.
- Train employees on data security best practices, phishing awareness, and how to respond to potential security incidents.
Finally, in addition to legal requirements, there are various codes of ethics you'll need to follow depending on how and where you're licensed. Each of these lays out specific confidentiality requirements. Here are a few examples:
AICPA Code of Conduct Section 7216 - "A member in public practice shall not disclose any confidential client information without the specific consent of the client."
International Federation of Accountants Code of Ethics Subsection 114 - "An accountant shall not disclose confidential information required as a result of professional and business relationships outside the firm or employing organization without proper and specific authority, unless there is a legal or professional duty or right to disclose."
NASBA Uniform Accountancy Act Section 18 - "Except by permission of the client for whom a licensee performs services or the heirs, successors, or personal representatives of such client, a licensee under this Act, shall not voluntarily disclose information communicated to the licensee by the client relating to and in connection with services rendered to the client by the licensee. Such information shall be deemed confidential…"
Essentially, unless your client gives express permission, their information should remain within your firm. Additionally, you need a plan to protect that information from leaks and breaches.
Client Confidentiality Tips from Accountants
Now that you know what constitutes sensitive information and the regulations and requirements you'll need to abide by when dealing with it, let's examine some of the ways established accountants ensure they manage this data safely and efficiently.
Encrypt Data
The easiest way to protect digital information is to implement end-to-end encryption. Encrypted data is unreadable to anyone who obtains it without the key, which makes it almost impossible for cybercriminals to access your firm's data and ensures that only those authorized to review and use client-sensitive information hold the 'key' necessary to do so.
The easiest way to confirm that your cloud accounting systems and communication software use end-to-end encryption is to ask the software provider. If you're one of the many accounting firms switching to digital accounting, research in advance which software offers the highest standard of information security.
End-to-end encryption doesn't just protect your clients' data. It also demonstrates that you're taking steps to protect them, establishing your firm as a great choice for potential clients. As Elena Meshki, licensed accountant and tax advisor, says, "[Encryption] not only fosters trust but also positions the accounting service as a reliable and secure partner in managing sensitive financial data."
Physical Document Policies
Despite the efficiency of cloud accounting software and other technological advancements in accounting, many firms have yet to integrate these tools into their practice. Joel Hughes, CEO of Rightworks, stated, "Ironically, our survey showed that security, often cited as one of the biggest benefits of technology adoption, is also a top concern firms cite for not moving to the cloud."
However, even though data breaches are on the rise and digital accounting solutions may seem less secure, you shouldn't underestimate the risk of physical breaches. In many cases, a break-in is a cybercriminal's first step toward a hack, and accounting firms also face a higher risk of internal theft and employee fraud.
To combat these physical breaches, your firm will need to store physical documents in locked cabinets in locked rooms, limit access to them with keycards or a sign-out system, and integrate traditional security measures like alarms and cameras. Additionally, regularly auditing your physical security can highlight any potential 'blind spots.'
Educate Your Clients and Partners
Daniel Stachowiak, MD at MyDocSafe, stated in conversation with AccountingWeb that "An accounting firm can protect its most important, sensitive data with a private army, but if an ancillary system is exposed or a supplier or client is not using effective security checks, then the accounting firm is going to be under threat."
You don't need to give clients the in-depth data protection training your own staff complete, but it's worth reminding them how and why they should protect their information. Beyond requiring Multi-Factor Authentication, strong passwords, and a zero-trust policy, a simple pre-written reminder in your email sign-off or a brief recap at the end of a meeting works well.
Ensuring that your partners and third-party companies, such as document delivery services, employ sound data protection methods is slightly different. You'll need to do your due diligence, perhaps even request that they complete an audit and share their findings, to ensure these companies and organizations care about client confidentiality as much as you do.
In Conclusion…
Managing client-sensitive information safely and efficiently is crucial for accountants. This is not only to comply with various legal requirements but also to maintain client trust and ensure the longevity of your practice.
By implementing proactive protective measures like end-to-end encryption, employee and client education, access policies, and audits in your practice, you can rest assured that your clients' information is safe, even if protecting it is not your number one priority during busier periods.
Despite this, it's important to remain vigilant and look for potential weaknesses. Feel free to discuss with your colleagues how you can improve security, and familiarize yourself with your firm's policies when needed.