As a CPA firm, you are the guardian of countless pieces of sensitive information. This leads to exceptionally high security compliance requirements – something every CPA firm should be aware of and take seriously.
When it comes to the Federal Trade Commission’s (FTC) Safeguard Rule, there are certain requirements specific to CPA firms. This guide will cover everything your firm needs to know to maintain compliance with the revised FTC Safeguards Rule, avoid fines, and adequately protect your clients’ information.
In a nutshell, the rules require financial institutions within the FTCs jurisdiction to have proactive measures that work to protect customer information and keep it secure.
The FTC recently hosted a national forum, asked for public comments, and reviewed commentary from consumers and businesses. The result is a revised Standards for Safeguarding Customer Information, also often referred to as the Safeguards Rule.
The stakes are high for CPA firms–under the revised rules, penalties are serious. Firms risk penalties of $100,000 per violation and $43,000 per day for each consent violation, in addition to other potential fines for not maintaining compliance.
If the answer to either or both of these questions is “no,” it’s time to take a closer look at what your CPA firm is doing to prioritize cybersecurity. This new publication linked below is an important reminder of the responsibility of CPA firms to ensure their business practices reflect current protocols and laws and address new security risks.
Additional information from the FTC:
Understand if you must comply with all nine elements of the information security program requirement or if you are small enough to be exempt from some of the elements.
If your firm has less than 5,000 consumer records ever, two elements have a reduced scope, and two of the nine elements do not apply (reference). Unfortunately, unless you are a startup with only a few clients, you likely exceed the record limit and need to comply with all nine elements.
Here is a quick way to calculate how many consumer records you have access to:
For most firms, this total will exceed 5,000 because access to just one or two large clients’ bookkeeping systems exposes you to thousands of records that count toward the FTCs benchmark.
When your business deals with private financial information, you have no choice but to take cybersecurity seriously.
PK Tech was founded with a deep history of supporting CPA firms to maintain compliance and security for their clients. If this blog has inspired you to make a cybersecurity update, we would love to support you. At PK Tech, we work with small to medium-sized businesses–and specifically several CPA firms–in the Greater Phoenix Area to provide IT security assessments, ongoing support, and help on special consulting projects.
Evaluate your FTC Safeguards Rule readiness by taking our quiz, then schedule a time to chat with our team to determine your next steps as firm.