IRS Now Requires Written Cyber Security Plans
The US Internal Revenue Service (IRS) has decided that paid tax preparers must enact written cyber security plans to help protect their clients’ personal data. The Cybersecurity and Infrastructure Security Agency (CISA) and the IRS both released statements to remind tax preparers of the policy.
The US Federal Trade Commission (FTC) has the ability to set policy under the Financial Services Modernization Act of 1999, known as the Gramm-Leach-Bliley (GLB) Act. The FTC has determined that organizations, including professional tax return preparers, must plan and organize their cyber security data protection policies in written format. Tax preparers hold tranches of personal data including names, birthdates, income history, social security numbers, and bank account information – a gold mine for any hacker.
The Internal Revenue Service (IRS) has issued a news release reminding professional tax preparers that they are required by law to have a written data security plan. Creating and maintaining a data security plan ensures that tax professionals are reviewing their data security protections and implementing appropriate safeguards. Creating a data security plan is part of the Taxes. Security. Together. checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.
IRS Commissioner Chuck Rettig said, “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.” The Security Summit partners created a checklist, “Taxes-Security-Together,” to help small tax preparers get started with their cyber security plan. IRS Publication 4557, Safeguarding Taxpayer Data (PDF), details the needed security measures.
Oakland Bans Facial Recognition
The city of Oakland, California became the third city in the United States to ban the use of facial recognition technology for municipal uses. The ban means that law enforcement may not use facial recognition to track citizens’ movements or to access databases of photos from drivers’ licenses to match criminals to known identities. Oakland joins Somerville and San Francisco, both of which are in California. In May, Perceptics, a US technology firm that sells land border security technologies to governments, was hacked. Data on drivers’ whereabouts and images from vehicles were stolen.
Data Breach Fines Get Serious
The Equifax fine is one of many levied in recent months due to data breaches. Equifax was recently fined $700 million USD after its 2017 data breach resulted in the theft of personal data from about 147 million people. In April, Yahoo settled for a $117.5 million deal after its previous offer of only $50 million was rejected by the U.S. District Court. In the Yahoo data breach, 200 million people had sensitive data stolen from their Yahoo accounts. Both Yahoo and Equifax will give victims free credit report monitoring.
This month Bulgaria’s Ministry of Finance was hacked. Nearly every Bulgarian citizen was affected when the data of nearly five million people was taken from the country’s National Revenue Agency (NRA). Compromised data also includes files from the European Union’s anti-VAT fraud network. The NRA may face a fine of 20 million Euros.