Accounting Document Retention and Privacy Laws

At the 2014 Growth+Profitability Summit, eFileCabinet CEO Matt Peterson gave a presentation entitled Document Retention and Privacy Laws, explaining to the audience of accountants how to be compliant with document retention and privacy laws that govern tax preparation and related accounting and financial client relationships.

Laws Governing Document Retention and Privacy

There are multiple laws in the United States that govern document retention and privacy. They include:

  • IRC Section 6107(b): Records must be kept 3-5 years after the tax return period.
  • IRS Rev. Proc. 97-22: All types of tax documents may be electronic records as long as they are printable and protected.
  • Electronic Signatures in Global and National Commerce Act (E-SIGN): With few exceptions, all documents, including signatures, may be electronic.
  • HIPAA: Yes, this applies to accountants! HIPAA is the minimum compliance requirement you need to worry about as an accountant.

Document Retention Regulations Require DMS Software

Personally Identifiable Information (PII)

Personally identifiable information (PII) is any data that could potentially identify a specific individual. Accountants have lots of client data in their possession, including phone numbers, addresses, and account-specific information. Possessing these documents makes an accountant personally liable. Liability specifics differ by state. A summary of the state-specific liability is available from Mintz Levin law office.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act requires that financial institutions safeguard “nonpublic personal information”. Organizations whose activities are governed by the Gramm-Leach-Bliley Act must make disclosures regarding how they share client information when the customer relationship is established and no less than once each year thereafter. Accountants are subject to the Gramm-Leach-Bliley Act, and can incur severe penalties for violating what is required of them by this law.

Obligation of Accounting Professionals Towards Client Information

It is the responsibility of accountants to ensure that their clients’ personal information is kept safely. This obligation can be characterized through three concepts related to the management of confidential records:

  • Capture: Ensure that customer data is recorded securely and confidentially.
  • Manage: Keep customer data safe against hazards and threats in a system that has high integrity.
  • Protect: Make sure there is no unauthorized access to confidential records.

Document Retention Schedule Requirements

Accountants can leverage technology to be compliant with their legal obligations towards client data. Setting up a paperless office is the best way to achieve this level of data protection.

Examples of Liability Breakdowns in Data Protection

Many examples can be cited of problems caused by individuals and companies who fail to meet their obligations for protecting client data. In 2013, an accountant who allowed confidential information for members of his client, Central Laborers’ Pension Fund, to be stolen from his car was held liable for damages that cost the firm $200,000. In another situation, a national bank had stored files containing pension information on an encrypted flash drive. The password for the drive was written on a piece of paper. The drive was sent to another office via FedEx, which lost the envelope, creating a security risk that cost the bank over $100,000 in damages.

Business Continuity Planning

Business continuity planning is another significant consideration for document retention and privacy matters. Disasters such as floods, fires, earthquakes, and other natural and man-made events may be a more significant threat than you might think.

An example of solid business continuity planning occurred in February 2006, when Fosselman and Associates suffered a total loss of their building due to fire. They were able to go back to work the next day by noon in a rented building. Their ten years’ worth of tax returns and critical documents were intact and available for use. In another example, a deadly tornado wiped out 95% of Greensboro, Kansas in 2007. Randy Kelly, CPA, was “Open for Business” the very next day using a makeshift desk and computer in the flattened remains of the building. These two examples have something in common: both firms used electronic document management systems to store and manage their critical client information, which not only keeps that information protected from data breaches, but also makes it available for use during an emergency.

Retention, Privacy, and Continuity Recommendations for Accountants

CPAs and accounting firms have a lot to consider with regard to client confidentiality and their respective liabilities towards clients and their data. Using old-fashioned filing cabinets or software that doesn’t sufficiently fulfill those obligations can be risky, costly, and ultimately a poor choice.

eFileCabinet was originally developed specifically for accountants, and its products include features that allow accountants to perform their jobs, including fulfilling their data protection obligations, with the most ease and the least stress and hassle.

To learn more about how eFileCabinet can help your firm, please contact us at (801) 374-5505 or fill out the form here to have us call you to arrange a demo of our software.