At the 2014 Growth+Profitability Summit, eFileCabinet CEO Matt Peterson gave a presentation entitled Document Retention and Privacy Laws, explaining to the audience of accountants how to be compliant with document retention and privacy laws that govern tax preparation and related accounting and financial client relationships.
Laws Governing Document Retention and Privacy
There are multiple laws in the United States that govern document retention and privacy. They include:
- IRC Section 6107(b): Records must be kept 3-5 years after the tax return period
- IRS Rev. Proc. 97-22: All types of tax documents may be electronic records as long as they are printable and protected.
- Electronic Signatures in Global and National Commerce Act (E-SIGN): With few exceptions, all documents, including signatures, may be electronic.
- HIPAA: Yes, this applies to accountants! HIPAA is the minimum compliance requirement you need to worry about as an accountant.
Personally Identifiable Information (PII)
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Accountants hold a great deal of client data in their possession, including phone numbers, addresses, and account-specific information. Possessing these documents makes an accountant personally liable. Liability specifics differ by state. A summary of the state-specific liability is available from the Mintz Levin law office.
Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act requires that financial institutions safeguard “nonpublic personal information”. Organizations whose activities are governed by the Gramm-Leach-Bliley Act must make disclosures regarding how they share client information when the customer relationship is established and no less than once each year thereafter. Accountants are subject to the Gramm-Leach-Bliley Act, and can incur severe penalties for violating what is required of them by this law.
Obligation of Accounting Professionals Towards Client Information
It is the responsibility of accountants to ensure that their clients’ personal information is kept safely. This obligation can be characterized through three concepts related to management of confidential records:
- Capture: Ensure that customer data is recorded confidentially and securely.
- Manage: Keep customer data safe against hazards and threats in a system that has high integrity.
- Protect: Make sure there is no unauthorized access to confidential records.
Accountants can leverage technology to comply with their legal obligations towards client data. Setting up a paperless office is the best way to achieve this level of data protection.
Examples of Liability Breakdowns in Data Protection
Many examples can be cited of problems caused by individuals and companies who fail to meet their obligations for protecting client data. In 2013, an accountant who allowed confidential information belonging to members of his client, Central Laborers’ Pension Fund, to be stolen from his car was held liable for damages that cost the firm $200,000. In another case, a national bank had stored files containing pension information on an encrypted flash drive, but the password for the drive was written on a piece of paper. The drive was sent to another office via FedEx, which lost the envelope, creating a security risk that cost the bank over $100,000 in damages.
Business Continuity Planning
Business continuity planning is another significant consideration for document retention and privacy matters. The potential for disasters, in the form of floods, fires, earthquakes, and other natural and man-made events, may be a more significant threat than you think.
An example of solid business continuity planning occurred in February 2006, when Fosselman and Associates suffered a total loss of their building due to fire. They were able to go back to work by noon the next day in a rented building, with their ten years’ worth of tax returns and critical documents intact and available for use. In another example, a deadly tornado wiped out 95% of Greensboro, Kansas in 2007. Randy Kelly, CPA, was “Open for Business” the very next day using a makeshift desk and computer in the flattened remains of the building. These two examples have something in common: both firms used electronic document management systems to store and manage their critical client information, which not only keeps that information protected from data breaches, but also keeps it available for use during an emergency.
Retention, Privacy, and Continuity Recommendations for Accountants
CPAs and accounting firms have a lot to consider in regard to client confidentiality and their respective liabilities towards clients and their data. Using old-fashioned filing cabinets or software that doesn’t sufficiently fulfill those obligations can be risky, costly, and ultimately a poor choice.
eFileCabinet was originally developed specifically for accountants, and its products include features that specifically allow accountants to perform their jobs, including fulfilling their data protection obligations, with the most ease and with the least amount of stress and hassle.
To learn more about how eFileCabinet can help your firm, please contact us at (801) 374-5505 or fill out the form here to have us call you to arrange a demo of our software.