CPE/CE 2 Credit Hours Disclosing Client Information Disclosures, Use, Consent Requirements Interactive Self-Study CPE/CE Course
Course Overview Program Content: Publication Date: September 2015. Expiration Date: Field of Study: Program Level: Recommended Participants: Prerequisites: Advance Preparation: Type of Delivery Method: Disclosing Client Information Self-Study CPE/CE CPE/CE Credit Hours: Passing Grade: Record Retention: This course provides continuing professional education (CPE/CE) to enhance understanding of rules that apply to disclosure and use of client tax return information by a tax return preparer. Subject matter includes allowable disclosure and use, as well as the wording and manner of obtaining mandatory consents from clients to disclose or use their tax return information. The Final Exam must be completed online within one year from your date of purchase or shipment. See the Final Examination Instructions on the next page for information regarding final exam completion. Taxes. Overview. This course provides a general overview of the subject area from a broad perspective. It is appropriate for tax professionals at all organization levels. Tax professionals who prepare tax returns or otherwise have access to taxpayer information obtained as part of a tax preparation engagement. None. No advanced preparation is needed to complete this course. Interactive self-study. 2 Credit Hours. One 50-minute period equals one CPE/CE Credit Hour. Participants who answer a minimum of 70% correct on the final exam will receive a Certificate of Completion. See the Final Examination Instructions on the next page for further information regarding passing requirements and acquiring the Certificate of Completion. As an IRS-approved provider of continuing education, Tax Materials, Inc. will report successful completion of this course to the IRS. According to the IRS, at some point in the future, you will be able to view your completed continuing education credits through your online PTIN account. Complaint Resolution Policy: Please contact our customer service department toll-free at 1-866-919-5277. Refund Policy: 30-day money-back guarantee. For information about our refund, complaint, and/or program cancellation policies, visit our website at www.thetaxbook.com. Tax Materials, Inc. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org. National Registry of CPE Sponsors ID Number 109322 In accordance with the standards set forth in Circular 230, section 10.6, CPE/CE credits have been granted based on a 50-minute hour. IRS Program Number is 7VT8K-E-00067-15-S Tax Materials, Inc. has been approved by the California Tax Education Council to offer the Disclosing Client Information Self-Study CPE/CE Course 6193-CE-0035, which provides 2 hours of federal credit and 0 hours of state credit towards the annual continuing education requirement imposed by the State of California. A listing of additional requirements to register as a tax preparer may be obtained by contacting CTEC at P.O. Box 2890, Sacramento, CA, 95812-2890, toll-free by phone at 1-877-850-2832, or on the internet at www.ctec.org. CTEC Course ID Number 6193-CE-0035 Copyright 2015 Tax Materials, Inc. All Rights Reserved TheTaxReview Disclosing Client Information Overview i
Disclosing Client Information Self-Study CPE/CE Course Completion Instructions Helpful Hint: Attempt to relate your tax preparation experience with the information you are studying. By doing so, you will increase retention and maximize your results. Also, utilize the Notes sections to jot down reminders and information that will be helpful to you in your tax practice. Follow the instructions below: 1) Start each chapter by reading the Learning Objectives. 2) Read the course materials in the chapter. Pay close attention to: a) Key Facts: Information that is particularly pertinent to the Learning Objective. b) Examples: Review the examples to associate the information to real-world application. c) Notes: Many of the main points of the chapter are highlighted. Review the notes and try to relate the content with your experience. 3) Complete the Self-Quiz at the end of the chapter. The questions are broken out by Learning Objective. Review the Learning Objectives before completing each set of questions. Determine your progress by comparing your answers to the correct ones on the pages that follow. 4) After all chapters have been studied, and each Self-Quiz has been taken, complete the Final Exam located at the back of this instruction booklet. Final Examination Instructions Expiration Date Reminder: The Final Exam must be completed online within one year from your date of purchase or shipment. CPE/CE credits are not available more than one year after your date of purchase or shipment. All Final Exams are administered online at www.thetaxbook.com. It is recommended that you review the Final Exam at the end of the course before taking it online. Final Exams mailed in will not be graded. Follow the instructions below: 1) Go to www.thetaxbook.com. 2) Click on Login to Education Center, where you will find a location to log in to the Final Exam. 3) Enter your User Name in the self-study CPE/CE login location. The email address associated with your account at Tax Materials, Inc. is your User Name. If you do not have an email address, or have not provided one, please call our toll-free number at 1-866-919-5277 to be assigned a User Name. 4) Enter your Password. The zip code associated with your account is your password. If you are having difficulty logging onto the Final Exam, please call our toll-free number at 1-866-919-5277. 5) Select the Disclosing Client Information Exam and click the Take Exam button. 6) You will be taken to the Final Exam. First confirm your First Name and Last Name are correct. This is how your name will appear on your Certificate of Completion should you achieve a score of 70% or higher. Take the Final Exam. Read the questions carefully and answer them to the best of your ability. At the bottom of the exam, click on Submit Answers when finished. You will instantly know if you have passed the test. If you failed, you are able to retake the test. If you passed, the Certificate of Completion will be available for you to print. Complete Evaluation Form Please provide suggestions and feedback regarding this CPE/CE course. The last page contains an Evaluation Form. After completion, please mail to: Tax Materials, Inc. 15105 Minnetonka Ind. Rd., Ste. 221 Minnetonka, MN 55345 Thank you for helping us improve our CPE/CE course offerings! ii Overview TheTaxReview Disclosing Client Information
Learning Objectives / Table of Contents Chapter 1 Use and Disclosure of Tax Return Information.................................................... 1 1-A Identify actions that could result in criminal and civil penalties against a tax preparer for unauthorized disclosure or use of client tax information. 1-B Apply rules for obtaining consents to disclose or use tax information. 1-C Apply prescribed safeguards for verifying an electronic signature. 2 Protecting Client Information.................................................................. 17 2-A Apply principles of an effective data security plan. 2-B Identify problem areas relating to identity theft as explained by the Treasury Inspector General for Tax Administration (TIGTA). 2-C Recognize the components of the tax fraud and identity theft scheme set forth in the court decision in U.S. vs. Davis. Final Exam............................................................................................. 35 Index.................................................................................................. 39 Course Evaluation...................................................................................... 41 TheTaxReview Disclosing Client Information Table of Contents iii
iv Table of Contents TheTaxReview Disclosing Client Information
1 Use and Disclosure of Tax Return Information Learning Objectives Successful completion of this chapter will enable the participant to: 1-A Identify actions that could result in criminal and civil penalties against a tax preparer for unauthorized disclosure or use of client tax information. 1-B Apply rules for obtaining consents to disclose or use tax information. 1-C Apply prescribed safeguards for verifying an electronic signature. CPE/CE Glossary Terms Tax return. For purposes of the regulations governing disclosure, a tax return means any return, or amended return, of income tax imposed by the Internal Revenue Code. Tax return information. For purposes of the regulations governing disclosure, tax return information means any information, including but not limited to, a taxpayer s name, address, or identifying number furnished in connection with the preparation of a client s tax return. IRC section 7216. IRC section 7216 is the law that imposes criminal penalties for tax return preparers who knowingly or recklessly disclose or use tax return information for any purposes other than preparing a tax return. IRC section 6713. IRC section 6713 is the law that imposes civil penalties for tax return preparers who knowingly or recklessly disclose or use tax return information for any purposes other than preparing a tax return. Mandatory Consent. Unless an exception applies, regulations require affirmative consent from a taxpayer for a tax preparer to disclose or use the taxpayer s tax return information. Auxiliary Services. Services such as e-filing or tax software where taxpayer information is disclosed. Learning Objective 1-A Identify actions that could result in criminal and civil penalties against a tax preparer for unauthorized disclosure or use of client tax information. Criminal and Civil Penalties for Improper Disclosure or Use Internal Revenue Code section 7216(a) provides criminal penalties including fines up to $1,000 and imprisonment for up to one year for tax professionals who knowingly or recklessly disclose or use client information obtained in the course of a tax preparation engagement. Corresponding IRC section 6713 provides civil penalties of $250 for each infraction, up to a maximum of $10,000 per calendar year. The IRS has recently issued several new regulations, Revenue Procedures, and Revenue Rulings to clarify authorized use of client information and situations where affirmative consent to use the information is required. The IRS has recently issued several new regulations, Revenue Procedures, and Revenue Rulings to clarify authorized use of client information and situations where affirmative consent to use the information is required. TheTaxReview Disclosing Client Information Chapter 1 1
NOTES To the extent that a taxpayer s use of a hyperlink results in the transmission of tax return information, the transmission is a disclosure by the tax return preparer subject to penalty under IRC section 7216 if not authorized by regulations. IRC section 7216 was enacted in 1971. The IRS provided exceptions to the rules governing disclosure or use of client information. However, Treasury Regulation section 301.7216 had been substantially unchanged for over 30 years, and did not address the modern return preparation marketplace, particularly electronic filing and the cross-marketing of financial and commercial products and services related to tax preparation activities. The regulations were updated in 2008. In 2010, Revenue Rulings 2010-4 and 2010-5 were issued, providing guidance on how the regulations were to be applied. In 2013, Revenue Procedures 2013-14 was issued to provide guidance for tax professionals regarding the format and content of taxpayer consents to disclose and/or use tax information with respect to Form 1040 returns. The Revenue Procedures also provide specific requirements for electronic signatures when a taxpayer executes consent via an electronic document. Disclosures Defined The term disclosure in the context of tax return information casts an extremely wide net, defined in regulations as, the act of making tax return information known to any person in any manner whatsoever. Also, to the extent that a taxpayer s use of a hyperlink results in the transmission of tax return information, the transmission is a disclosure by the tax return preparer subject to penalty under IRC section 7216 if not authorized by regulations. Regulations authorize two types of disclosures. 1) Certain permissible disclosures without taxpayer consent. 2) Disclosures requiring affirmative consent to use the taxpayer s information Use Defined The term use in this context refers to situations where tax return preparers refer to, or rely on, tax return information as the basis to take or permit actions. Regulations authorize two types of uses. 1) Certain permissible uses without taxpayer consent. 2) Uses requiring affirmative consent to use the taxpayer s information. Disclosure Without Formal Consent of the Taxpayer Certain disclosures of client information are allowed without consent from the taxpayer. Note: Any disclosures not listed below require affirmative consent from the taxpayer. Disclosures that do not require affirmative consent include: Disclosure of client information by a tax preparer within the United States to an employee or member of the same firm located in the United States for purposes of assisting in the preparation of the client s return. Disclosure to an officer or employee of the IRS. Software companies that provide software to a taxpayer for purposes of updating the taxpayer s information or to ensure the software s technical capabilities. Certain preparer-to-preparer disclosures within the United States for purposes of preparing or assisting in the preparation of the return, or providing auxiliary services in connection with preparation of the return. These can include return processing services, and Authorized e-file Providers. 2 Chapter 1 TheTaxReview Disclosing Client Information
Disclosure of information to another tax return preparer located in the Untied States for the purpose of obtaining auxiliary services in connection with the preparation of any tax return, as long as the services provided are not substantive determinations or advice affecting the tax liability reported by the taxpayers. NOTES Use Without Formal Consent of the Taxpayer KEY FACT A tax return preparer is allowed to maintain a list with information used solely to contact taxpayers for purposes of providing tax information and general business or economic information for educational purposes, or soliciting additional tax return preparation services to the taxpayers. The list may not be used to solicit non-tax return preparation services to these taxpayers. For example, a tax preparer is allowed to send out newsletters explaining changes in tax law and whether the changes support filing amended returns or other actions recommended by the tax return preparer. Disclosures to Third Parties Although certain disclosures to third parties are specifically allowed under regulations, such as return processing services and e-file providers, at this point there is no clear guidance on other disclosures to third parties. For example, if a tax client makes a phone call to the tax preparer and asks the preparer to fax copies of a tax return to a mortgage broker to assist with securing a home loan, is an affirmative written taxpayer consent required? Since this type of disclosure is not specifically discussed in regulations, the tax preparer would be welladvised to secure the consent before disclosing the information, along with any other disclosures that are not specifically noted in regulations. Certain disclosures to third parties are specifically allowed under regulations, such as return processing services and e-file providers. EXAMPLE Max is a tax preparer. The state in which he practices passed a new law in April, right in the middle of tax season. Before the new law, the state did not allow several adjustments to income that were reported on federal Form 1040, and the amounts were required to be reported as additions to income on the state return. The new law allowed several of these adjustments to offset state tax as well as federal tax. Max has several clients who filed before the new law was passed, and need to file amended returns to claim refunds for the disallowed amounts. Max s use of client tax information to identify affected clients and inform them regarding the change in tax law is allowed. Max is also allowed to advise whether it would be appropriate to prepare and file the amended return, because those functions are for the purpose of preparing a tax return under the regulations. TheTaxReview Disclosing Client Information Chapter 1 3
NOTES EXAMPLE CodeSpeak is a company that provides services to the tax preparation industry by means of customizing tax newsletters containing tax law updates and distributing the newsletters to the clients of tax firms via email. CodeSpeak holds itself out as providing services that are auxiliary to tax return preparation. Because CodeSpeak provides services in connection with the preparation of tax returns performed by their customers tax firms, and CodeSpeak has sufficient data confidentiality procedures in place, CodeSpeak qualifies as both an auxiliary service provider and tax return preparer under regulations. CodeSpeak s customers can disclose client information to CodeSpeak without taxpayer consent to the extent necessary to distribute the newsletters. Regulations permit tax return preparers to use a list of client names, addresses, email addresses, phone numbers, and tax form numbers to provide clients general educational information. Affordable Care Act KEY FACT The same general principles that apply to other disclosures and uses of tax return information also apply in the case of issues related to health care reform and the Affordable Care Act. For example, regulations permit tax return preparers to use a list of client names, addresses, email addresses, phone numbers, and tax form numbers to provide clients general educational information, including information about the Affordable Care Act. The tax return preparer may mail general educational information to all clients regarding health care enrollment options available through the new health insurance marketplaces without obtaining consent. On the other hand, taxpayer consent will be required to solicit and facilitate client enrollment in health insurance exchanges. For example, tax return preparers, such as those who are also navigators, who use tax return information to solicit and facilitate health care enrollment must first obtain taxpayer consent to do so. Section 7216 Frequently Asked Questions Q. Who is a tax return preparer for purposes of IRC section 7216? A. Tax return preparers are persons that participate in the preparation of tax returns for taxpayers, including but not limited to: Return preparers that are in business or hold themselves out as preparers.* Casual preparers who are compensated. Electronic return originators.** Software Developers.** Electronic return transmitters.** Reporting Agents.** Intermediate Service Providers.** The definition also extends to those that assist others in preparing returns or performing auxiliary services in connection with preparing returns, or are employed by preparers and perform auxiliary services in connection with the preparation of tax returns. Note: * This includes volunteer preparers that participate in programs like VITA and TCE. ** These persons are part of the electronic filing arena and are collectively known as e-file providers (see also Revenue Procedure 2007-40). 4 Chapter 1 TheTaxReview Disclosing Client Information
Q. Have the new regulations changed the definition of tax return preparer? A. The new regulations clarify that e-file providers are considered tax return preparers and persons that perform auxiliary services for e-file providers in connection with tax return preparation are covered by the statute and regulations. The regulations also clarify that contractors receiving tax return information from tax return preparers are considered tax return preparers subject to the same provisions and penalties. Tax return preparers that engage contractors and disclose tax return information to them are required to inform contractors of the rules and consequences in a written notice. NOTES Q. What is tax return information? A. Tax return information is all the information tax return preparers obtain from taxpayers or other sources in any form or manner that is used to prepare tax returns or is obtained in connection with the preparation of returns. It also includes all computations, worksheets, and printouts preparers create; correspondence from IRS during the preparation, filing and correction of returns; statistical compilations of tax return information; and tax return preparation software registration information. All tax return information is protected by IRC section 7216 and the regulations. Q. When and how does a tax return preparer obtain consent to disclose tax return information? A. Tax return preparers must obtain consent to disclose tax return information before returns are provided to the taxpayer for signature and before tax return information is disclosed. Q. When and how does a tax return preparer obtain consent to use tax return information? A. Tax return preparers must obtain consent to use tax return information before tax return information is used and before returns are provided to the taxpayer for signature. Q. Do consents to disclose or use tax return information have expiration dates? A. Yes. The taxpayer and tax return preparer may agree to specify the period of time the consent will be effective and include the period in the consent form. If no period is specified the regulations state that the consent will be effective for a period of one year from the date the taxpayer signed the consent. Q. Have the rules changed for obtaining consents to disclose or use tax return information? A. Yes. The basic rules are still provided by Treas. Reg. section 301.7216-3, while additional rules can be found in Revenue Procedure 2008-35. These rules include the following notable changes: Multiple consents to disclose are permitted on one consent form. Multiple consents to use are permitted on one consent form. Consent form format requirements have changed. Certain prescribed language and warnings are now required. Electronic consent forms are expressly permitted. Electronic signatures on consent forms are expressly permitted. TheTaxReview Disclosing Client Information Chapter 1 5
NOTES Q. What are the special rules for disclosing tax return information outside the United States? A. Disclosing tax return information to another tax return preparer that is assisting in the preparation of the return or providing auxiliary services in connection with preparing the return generally does not require the consent of the taxpayer. However, if the other tax return preparer is located outside the United States or any territory or possession of the United States, the taxpayer must agree and sign a form consenting to the disclosure. Q. What are the special rules for disclosing Social Security numbers outside the United States? A. Generally, tax return preparers may not obtain consents to disclose Social Security numbers to tax return preparers located outside the United States or any territory or possession of the United States. If Social Security numbers are included in documents for which the tax return preparer has obtained the consent of the taxpayer to disclose the tax return preparer must redact or mask any Social Security number before disclosing the tax return information to a return preparer outside the United States. There is an exception. Social security numbers may be disclosed to tax return preparers located outside the United States if taxpayer consent is obtained and both the sending and receiving tax return preparers maintain adequate data protection safeguards defined in Revenue Procedure 2008-35. Q. Are the staffs of banks and credit unions that receive copies of tax returns in connection with applications for mortgages included within the definition of tax return preparers? A. No. They are ordinarily not covered because they ordinarily are not preparing a taxpayer s return, providing auxiliary services in connection with the preparation of tax returns, being compensated for preparing tax returns, or employed by a tax return preparer. Learning Objective 1-A Self-Quiz For answer, see Chapter 1 Self-Quiz Answers, page 15. Test your knowledge and comprehension of information presented in Learning Objective 1-A. 1) For purposes of the rules for improper disclosure or use of tax return information, the term disclosure can best be defined as the following. a) Disclosures refer only to disclosures without taxpayer consent. b) Disclosures refer to the act of making tax return information known to any person in any manner whatsoever. c) Disclosures refer only to situations where affirmative consent is required to make tax return information known to another party. d) Disclosures refers to use of tax return information by a tax preparer. 6 Chapter 1 TheTaxReview Disclosing Client Information
Learning Objective 1-B Apply rules for obtaining consents to disclose or use tax information. Revenue Procedure 2013-14 Revenue Procedure 2013-14 modifies the mandatory language required on each taxpayer consent to disclose or consent to use tax return information. The revenue procedure also explains the difference between tax return preparation services (or auxiliary services) and other financial or accounting services. The modified mandatory language required in consent forms clarifies that a taxpayer does not need to complete a consent form to engage a tax return preparer to perform only tax return preparation services. To allow a tax return preparer to disclose or use tax return information in providing services other than tax return preparation, however, a taxpayer must complete a consent form. See the Mandatory Consent Documents 1, 2, and 3, pages 11 and 12, refelecting the modified language. Regulations section 301.7216-3 provides that, unless the law specifically permits the disclosure or use of tax return information, a tax return preparer may not disclose or use a taxpayer s tax return information without obtaining consent from the taxpayer. Such consent must be knowing and voluntary. Regulations prescribe the form and content requirements that all consents to disclose or consents to use must include, as well as timing requirements and other limitations upon consents to disclose or consents to use tax return information. There is also a limitation upon consents to disclose a taxpayer s Social Security number to a tax return preparer located outside of the United States. NOTES Regulations prescribe the form and content requirements that all consents to disclose or consents to use must include, as well as timing requirements and other limitations upon consents to disclose or consents to use tax return information. Scope of Regulations Revenue Procedure 2013-14 applies to all tax return preparers, as defined in Regulations section 301.7216-1(b)(2), who seek consent to disclose or consent to use tax return information with respect to taxpayers who file a return in the Form 1040 series. Taxpayers who are not filers of returns in the Form 1040 series may use language prescribed in the revenue procedure or consents whose formats and content do not conform to the revenue procedure as long as the consents otherwise meet the regulatory requirements. Format of Consents Separate written document. Except for multiple disclosures or multiple uses within a single consent form, a taxpayer s consent to each separate disclosure or separate use of tax return information must be contained on a separate written document, which can be furnished on paper or electronically. For example, the separate written document may be provided as an attachment to an engagement letter furnished to the taxpayer. Size. A consent furnished to the taxpayer on paper must be provided on one or more sheets of 8½ inch by 11 inch or larger paper. All of the text on each sheet of paper must pertain solely to the disclosure or use the consent authorizes. All of the text on each sheet of paper must also be in at least 12-point type (no more than 12 characters per inch). TheTaxReview Disclosing Client Information Chapter 1 7
NOTES A consent furnished in electronic form must be provided on one or more computer screens. KEY FACT Electronic format. A consent furnished in electronic form must be provided on one or more computer screens. All of the text placed by the preparer on each screen must pertain solely to the disclosure or use of tax return information authorized by the consent, except for computer navigation tools. The size of the text must be at least the same size as, or larger than, the normal or standard body text used by the website or software package for direction, communications, or instructions, and there must be sufficient contrast between the text and background colors. In addition, each screen or screens, together, must be able to be signed electronically and dated by the taxpayer, and be able to be formatted in a readable and printer-friendly manner. Consent to Disclose Tax Return Information in a Context Other Than Tax Preparation or Auxiliary Services Unless a tax return preparer is obtaining a taxpayer s consent to disclose the taxpayer s tax return information to another tax return preparer to perform services that assist in, or to provide auxiliary services in connection with, the preparation of the taxpayer s tax return, any consent to disclose tax return information must contain the following statements in the following sequence. Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties for purposes other than the preparation and filing of your tax return without your consent. If you consent to the disclosure of your tax return information, federal law may not protect your tax return information from further use or distribution. You are not required to complete this form to engage our tax return preparation services. If we obtain your signature on this for by conditioning our tax return preparation services on your consent, your consent will not be valid. If you agree to the disclosure of your tax return information, your consent is valid for the amount of time that you specify. If you do not specify the duration of your consent, your consent is valid for one year from the date of signature. See Auxiliary Services, page 10. Also see Mandatory Consent Document 1, page 11. Consent to Disclose Tax Return Information for Tax Return Preparation or Auxiliary Services If a tax return preparer is otherwise required to obtain a taxpayer s consent to disclose the taxpayer s tax return information to another tax return preparer to perform services that assist in the preparation of, or to provide auxiliary services in connection with, the preparation of the taxpayer s tax return, any consent to disclose tax return information must contain the following statements in the following sequence. Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties for purposes other than those related to the preparation and filing of your tax return without your consent. If you consent to the disclosure of your tax return information, federal law may not protect your tax return information from further use or distribution. 8 Chapter 1 TheTaxReview Disclosing Client Information
You are not required to complete this form. Because our ability to disclose your tax return information to another tax return preparer affects the tax return preparation service(s) that we provide to you and its (their) cost, we may decline to provide you with tax return preparation services or change the terms (including the cost) of the tax return preparation services that we provide to you if you do not sign this form. If you agree to the disclosure of your tax return information, your consent is valid for the amount of time that you specify. If you do not specify the duration of your consent, your consent is valid for one year from the date of signature. See Auxiliary Services, page 10. Also see Mandatory Consent Document 2, page 11. NOTES Consent to Use Tax Return Information All consents to use tax return information must contain the following statements in the following sequence. Federal law requires this consent form be provided to you. Unless authorized by law, we cannot use your tax return information for purposes other than the preparation and filing of your tax return without your consent. You are not required to complete this form to engage our tax return preparation services. If we obtain your signature on this form by conditioning our tax return preparation services on your consent, your consent will not be valid. Your consent is valid for the amount of time that you specify. If you do not specify the duration of your consent, your consent is valid for one year from the date of signature. All Consents Must Contain the Following Statement If you believe your tax return information has been disclosed or used improperly in a manner unauthorized by law or without your permission, you may contact the Treasury Inspector General for Tax Administration (TIGTA) by telephone at 1-800-366-4484, or by email at complaints@tigta.treas.gov. Consent to Disclose Tax Return Information to a Tax Return Preparer Located Outside the United States If a tax return preparer to whom the tax return information is to be disclosed is located outside of the United States, the taxpayer s consent is required prior to any disclosure. Without Social Security number. If the tax return information to be disclosed does not include the taxpayer s Social Security number or if the Social Security number is fully masked or otherwise redacted, consents for disclosure of tax return information to a tax return preparer outside of the United States must contain the following statement. This consent to disclose may result in your tax return information being disclosed to a tax return preparer located outside the United States. If a tax return preparer to whom the tax return information is to be disclosed is located outside of the United States, the taxpayer s consent is required prior to any disclosure. TheTaxReview Disclosing Client Information Chapter 1 9
NOTES With Social Security number. If the tax return information to be disclosed includes the taxpayer s Social Security number or if the Social Security number is not fully masked or otherwise redacted, consents for disclosure of the taxpayer s tax return information to a tax return preparer outside of the United States must contain the following statement. This consent to disclose may result in your tax return information being disclosed to a tax return preparer located outside the United States, including your personally identifiable information such as your Social Security number ( SSN ). Both the tax return preparer in the United States that will disclose your SSN and the tax return preparer located outside the United States that will receive your SSN maintain an adequate data protection safeguard (as required by the regulations under 26 U.S.C. section 7216) to protect privacy and prevent unauthorized access of tax return information. If you consent to the disclosure of your tax return information, federal agencies may not be able to enforce United States laws that protect the privacy of your tax return information against a tax return preparer located outside of the United States to whom the information is disclosed. See Adequate Date Protection Safeguard, page 13. Disclosure of Entire Return KEY FACT If a consent authorizes the disclosure of a copy of the taxpayer s entire tax return or all information contained within a return, the consent must provide that the taxpayer has the ability to request a more limited disclosure of tax return information as the taxpayer may direct. A person is engaged in providing auxiliary services if, in the course of the person s business, the person receives tax return information from another tax return preparer. Auxiliary Services A person is engaged in the business of providing auxiliary services in connection with the preparation of tax returns if, in the course of the person s business, the person holds himself or herself out to tax return preparers or to taxpayers as a person who performs auxiliary services, whether or not the person charges a fee for those services. This can include individuals connected with the provision of tax software and electronic filing. A person is engaged in providing auxiliary services if, in the course of the person s business, the person receives tax return information from another tax return preparer. 10 Chapter 1 TheTaxReview Disclosing Client Information
Mandatory Consent Document 1 Consent to Disclose Tax Return Information in a Context Other Than Tax Preparation or Auxiliary Services NOTES [Insert language including the name of the person or firm who is intended to receive the information, purpose of disclosing the information, and instructions to sign the form below indicating affirmative consent] Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties for purposes other than the preparation and filing of your tax return without your consent. If you consent to the disclosure of your tax return information, federal law may not protect your tax return information from further use or distribution. You are not required to complete this form to engage our tax return preparation services. If we obtain your signature on this form by conditioning our tax return services on your consent, your consent will not be valid. If you agree to the disclosure of your tax return information, your consent is valid for the amount of time that you specify. If you do not specify the duration of your consent, your consent is valid for one year form the date of signature. [Include a signature line and date line and statement that the client is authorizing the tax preparer to disclose the client s tax information to the receiving person or firm] If you believe your tax return information has been disclosed or used improperly in a manner unauthorized by law or without your permission, you may contact the Treasury Inspector General for Tax Administration (TIGTA) by telephone at 1-800-366-4484, or by email at complaints@ tigta.treas.gov. Mandatory Consent Document 2 Consent to Disclose Tax Return Information for Tax Preparation or Auxiliary Services [Insert language naming the receiving person or firm, the purpose of the disclosure, and instructions to sign the form below indicating affirmative consent] Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties for purposes other than those related to the preparation and filing of your tax return without your consent. If you consent to the disclosure of your tax return information, federal law may not protect your tax return information from further use or distribution. You are not required to complete this form. Because our ability to disclose your tax return information to another tax return preparer affects the tax return preparation service(s) that we provide to you and it (their) cost, we may decline to provide you with tax return preparation services or change the terms (including the cost) of the tax return preparation services that we provide to you if you do not sign this form. If you agree to the disclosure of your tax return information, your consent is valid for the amount of time that you specify. If you do not specify the duration of your consent, your consent is valid for one year from the date of signature. [Include a signature line and date line and statement that the client is authorizing the tax preparer to disclose the client s tax information to the receiving person or firm] If you believe your tax return information has been disclosed or used improperly in a manner unauthorized by law or without your permission, you may contact the Treasury Inspector General for Tax Administration (TIGTA) by telephone at 1-800-366-4484, or by email at complaints@ tigta.treas.gov. TheTaxReview Disclosing Client Information Chapter 1 11
NOTES Mandatory Consent Document 3 Consent to Use Tax Information [Insert language naming the person or firm who will be receiving the information and the purpose of using the tax information] Federal law requires this consent form be provided to you. Unless authorized by law, we cannot use your tax return information for purposes other than the preparation and filing of your tax return without your consent. You are not required to complete this form to engage our tax return preparation services. If we obtain your signature on this form by conditioning our tax return preparation services on your consent, your consent will not be valid. Your consent is valid for the amount of time that you specify. If you do not specify the duration of your consent, your consent is valid for one year from the date of signature. [Include a signature line and date line and statement that the client is authorizing the tax preparer to use the client s tax information] If you believe your tax return information has been disclosed or used improperly in a manner unauthorized by law or without your permission, you may contact the Treasury Inspector General for Tax Administration (TIGTA) by telephone at 1-800-366-4484, or by email at complaints@ tigta.treas.gov. Learning Objective B Self-Quiz For answer, see Chapter 1 Self-Quiz Answers, page 15. Test your knowledge and comprehension of information presented in Learning Objective 1-B. 2) The following activity requires consent from the taxpayer. a) Disclosure of tax return information to a software company for purposes of updating a taxpayer s information. b) A tax preparer discloses tax return information to another tax preparer who is an Authorized e-file Provider. c) Any disclosure of tax return information by a tax preparer requires affirmative consent by the taxpayer, with the exception of specific disclosures listed in regulations. d) Disclosure of information to another tax return preparer for the purpose of obtaining auxiliary services in connection with the preparation of returns. 12 Chapter 1 TheTaxReview Disclosing Client Information
Learning Objective 1-C Apply prescribed safeguards for verifying an electronic signature. Adequate Data Protection Safeguard A tax return preparer located within the United States, including any territory or possession of the United States, may disclose a taxpayer s Social Security number to a tax return preparer located outside of the United States or any territory or possession of the United States with the taxpayer s consent only when both the tax return preparer located within the United States and the tax return preparer located outside of the United States maintain an adequate data protection safeguard at the time the taxpayer s consent is obtained and when making the disclosure. An adequate data protection safeguard is a management-approved and implemented security program, policy, and practice that includes administrative, technical, and physical safeguards to protect tax return information from misuse, unauthorized access, or disclosure and that meets or conforms to one of the following privacy or data security frameworks. 1) The United States Department of Commerce safe harbor framework for data protection (or a successor program), 2) A foreign law data protection safeguard that includes a security component (e.g., the European Commission s Directive on Data Protection), 3) A framework that complies with the requirements of a financial or similar industry-specific standard that is generally accepted as best practices for technology and security related to that industry (e.g., the BITS, Financial Services Roundtable, Financial Institution Shared Assessment Program), 4) The requirements of the AICPA/CICA Privacy Framework, 5) The requirements of the most recent version of IRS Pub. 1075, Tax Information Security Guidelines for Federal, State and Local Agencies and Entities, or 6) Any other data security framework that provides the same level of privacy protection as contemplated by one or more of the frameworks described in (1) through (5). Electronic Signatures If a taxpayer furnishes consent to disclose or consent to use tax return information electronically, the taxpayer must furnish the tax return preparer with an electronic signature that will verify that the taxpayer consented to the disclosure or use. The consent must be knowing and voluntary. Therefore, for an electronic consent to be valid, it must be furnished in a manner that ensures affirmative, knowing consent of the taxpayer to each disclosure or use. A tax return preparer seeking to obtain a taxpayer s consent to the disclosure or consent to the use of tax return information electronically must obtain the taxpayer s signature on the consent in one of the following manners: 1) Assign a personal identification number (PIN) that is at least five characters long to the taxpayer. To consent to the disclosure or consent to the use of the taxpayer s tax return information, the taxpayer may type in the pre-assigned PIN as the taxpayer s signature authorizing the disclosure or use. A PIN may not be automatically furnished by the software so that the taxpayer only has to click a button for consent to be furnished. The taxpayer must affirmatively enter the PIN for the electronic signature to be valid, NOTES An adequate data protection safeguard is a managementapproved and implemented security program, policy, and practice that includes administrative, technical, and physical safeguards to protect tax return information from misuse, unauthorized access, or disclosure and that meets or conforms to one of the following privacy or data security frameworks. For an electronic consent to be valid, it must be furnished in a manner that ensures affirmative, knowing consent of the taxpayer to each disclosure or use. TheTaxReview Disclosing Client Information Chapter 1 13
NOTES 2) Have the taxpayer type in the taxpayer s name and then hit enter to authorize the consent. The software must not automatically furnish the taxpayer s name so that the taxpayer only has to click a button to consent. The taxpayer must affirmatively type the taxpayer s name for the electronic consent to be valid, or 3) Any other manner in which the taxpayer affirmatively enters five or more characters unique to the taxpayer that the tax return preparer uses to verify the taxpayer s identity. For example, entry of a response to a question regarding a shared secret could be the type of information by which the taxpayer authorizes disclosure or use of tax return information. Learning Objective 1-C Self-Quiz For answer, see Chapter 1 Self-Quiz Answers, page 15. Test your knowledge and comprehension of information presented in Learning Objective 1-C. 3) A valid electronic consent to disclose or use a client s tax return information may be completed in the following manner. a) Having the client type in a three-digit PIN number. b) Having the client press Enter next to the client s name that has been listed by the computer on the consent document. c) Any manner in which the client affirmatively enters five or more characters unique to that taxpayer. d) Entry of a the answer to a personal question, such as answering DOG to the questions, What is your favorite animal? 14 Chapter 1 TheTaxReview Disclosing Client Information
Chapter 1 Self-Quiz Answers NOTES 1) For purposes of the rules for improper disclosure or use of tax return information, the term disclosure can best be defined as the following. a) Disclosures refer only to disclosures without taxpayer consent. Incorrect. There are certain rules allowing disclosures without taxpayer consent, but the term disclosure applies more generally to making any tax return information known to anyone. b) Disclosures refer to the act of making tax return information known to any person in any manner whatsoever. Correct. The term disclosure casts an extremely wide net, referring to any tax return information made known to anyone. c) Disclosures refer only to situations where affirmative consent is required to make tax return information known to another party. Incorrect. Certain situations require affirmative taxpayer consent to disclose information, but the term disclosure does not apply only to situations where affirmative consent is required. d) Disclosures refers to use of tax return information by a tax preparer. Incorrect. The term use refers to a return preparer taking action based on tax return information. Use falls under different rules than disclosure. 2) The following activity requires consent from the taxpayer. a) Disclosure of tax return information to a software company for purposes of updating a taxpayer s information. Incorrect. Disclosure to a software company for purposes of updating a taxpayer s information is allowed without formal consent from the taxpayer. b) A tax preparer discloses tax return information to another tax preparer who is an Authorized e-file Provider. Incorrect. Disclosing tax return information to an Authorized e-file Provider is allowed without formal consent from the taxpayer. c) Any disclosure of tax return information by a tax preparer requires affirmative consent by the taxpayer, with the exception of specific disclosures listed in regulations. Correct. Disclosures specifically allowed are defined in regulations. Any other disclosures require affirmative taxpayer consent. d) Disclosure of information to another tax return preparer for the purpose of obtaining auxiliary services in connection with the preparation of returns. Incorrect. Disclosure of information from one preparer to another for purposes of providing auxiliary services are allowed without specific consent from the taxpayer if both preparers are located in the United States. TheTaxReview Disclosing Client Information Chapter 1 15
NOTES 3) A valid electronic consent to disclose or use a client s tax return information may be completed in the following manner. a) Having the client type in a three-digit PIN number. Incorrect. A PIN number containing at least five digits may be used, but a three-digit PIN number is not sufficient. b) Having the client press Enter next to the client s name that has been listed by the computer on the consent document. Incorrect. A client can sign by entering their name, but if the computer automatically types the name, it is not considered affirmative consent. c) Any manner in which the client affirmatively enters five or more characters unique to that taxpayer. Correct. Entering a five-character signature is sufficient to indicate a taxpayer s affirmative consent to disclose or use tax return information. d) Entry of a the answer to a personal question, such as answering DOG to the questions, What is your favorite animal? Incorrect. Using the answer to a personal question must result in an answer of at least five characters to indicate affirmative consent. 16 Chapter 1 TheTaxReview Disclosing Client Information
2 Protecting Client Information Learning Objectives Successful completion of this course will enable the participant to: 2-A Apply principles of an effective data security plan. 2-B Identify problem areas relating to identity theft as explained by the Treasury Inspector General for Tax Administration (TIGTA). 2-C Recognize the components of the tax fraud and identity theft scheme set forth in the court decision in U.S. vs. Davis. CPE/CE Glossary Terms Firewall. Computer software or hardware designed to block hackers from accessing a computer. Secure Sockets Layer (SSL). A secure connection that protects electronic data while in transit. Identity Theft Clearinghouse. A central location used by the IRS to review and process identity theft leads. Learning Objective 2-A Apply principles of an effective data security plan. Data Security Plan A sound data security plan is built on five key principles. 1) Take Stock Know what personal information is stored in files and on the company s computers. Effective data security starts with assessing what information is stored and who has access to it. Understanding how personal information moves into, through, and out of the business and who has, or could have, access to it is essential to assessing security vulnerabilities. It is possible to determine the best ways to secure the information only after the flow of information is traced. Take an inventory of all computers, laptops, mobile devices, flash drives, disks, home computers, digital copiers, and other equipment to find out where the company stores sensitive data. Also inventory the information by type and location. File cabinets and computer systems are a start, but these are not always the only placed sensitive information is stored. Track personal information through the business by talking with office staff, managers, tax and accounting personnel, and outside service providers who may have access to the information. Get a complete picture of the following. It is possible to determine the best ways to secure the information only after the flow of information is traced. TheTaxReview Disclosing Client Information Chapter 2 17
NOTES If there is not a legitimate business need for sensitive personally identifying information, don t keep it. Who sends sensitive personal information to the business? How is the information obtained? Does the information come from customers? Credit card companies? Banks or other financial institutions? Job applicants? Other businesses? How does the business receive personal information? Does it come to the business through a website? By email? Through the mail? What kind of information is collected at each entry point? Does the accounting department keep information about customers checking accounts? Where is the information collected at each entry point kept? Is it in a central computer database? On individual laptops? On employees smartphones, tablets, or other mobile devices? In file cabinets? In branch offices? Do employees have files at home? Who has, or could have, access to the information? Which of the employees has permission to access the information? Do they need access? Could anyone else obtain it? Different types of information present varying risks. Pay particular attention to personally identifying information such as Social Security numbers, credit card or financial information, and other sensitive data. That s what thieves use most often to commit fraud or identity theft. 2) Scale Down Keep only what is needed for the business. If there is not a legitimate business need for sensitive personally identifying information, don t keep it. In fact, don t even collect it. If there is a legitimate business need for the information, keep it only as long as it s necessary. Use Social Security numbers only for required and lawful purposes, such as preparing tax returns. Don t use Social Security numbers unnecessarily, for example, as a customer identification number. Don t keep customer credit card information unless there is a business need for it. For example, don t retain the account number and expiration date unless you have an essential business need to do so. Keeping this information, or keeping it longer than necessary, raises the risk that the information could be used to commit fraud or identity theft. Check the default settings on computer software that reads customers credit card numbers and processes the transactions. Sometimes it s preset to keep information permanently. Change the default setting to make sure the information is not kept any longer than necessary. If the business keeps information for business reasons or to comply with the law, develop a written records retention policy to identify what information must be kept, how to secure it, how long to keep it, and how to dispose of it securely when no longer needed. 3) Lock It Protect the information. The best way to protect the sensitive personally identifying information depends on the kind of information and how it s stored. The most effective data security 18 Chapter 2 TheTaxReview Disclosing Client Information
plans deal with four key elements: physical security, electronic security, employee training, and the security practices of contractors and service providers. Physical security. Many data compromises happen the old-fashioned way through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files, as well as CDs, floppy disks, zip drives, tapes, and backups containing personally identifiable information in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Keep control of who has a key, and the number of keys. Require that files containing personally identifiable information be kept in locked file cabinets except when an employee is working on the file. Remind employees not to leave sensitive papers out on their desks when they are away from their workstations. Require employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day. Implement appropriate access controls for the building. Tell employees what to do and who to call if they see an unfamiliar person on the premises. For offsite storage facilities, limit employee access to those with a legitimate business need. Know if and when someone gains access to the storage site. When shipping sensitive information using outside carriers or contractors, encrypt the information and keep an inventory of the information being shipped. Also, use an overnight shipping service that will allow you to track the delivery of your information. For devices that collect sensitive information, like PIN pads, secure them so that identity thieves can t tamper with them. Also inventory those items to ensure that they have not been switched. General network security. Identify the computers or servers where sensitive personal information is stored. Identify all connections to the computers where sensitive information is stored. These may include the internet, electronic cash registers, computers at branch offices, computers used by service providers to support a network, digital copiers, and wireless devices like smartphones, tablets, or inventory scanners. Assess the vulnerability of each connection to commonly known or reasonably foreseeable attacks. Depending on the circumstances, appropriate assessments may range from having a knowledgeable employee run off-the-shelf security software to having an independent professional conduct a full-scale security audit. Don t store sensitive consumer data on any computer with an internet connection unless it s essential for conducting business. Encrypt sensitive information sent to third parties over public networks (like the internet), and consider encrypting sensitive information that is stored on the computer network or on disks or portable storage devices used by employees. Consider also encrypting email transmissions if they contain personally identifying information. NOTES Require that files containing personally identifiable information be kept in locked file cabinets except when an employee is working on the file. TheTaxReview Disclosing Client Information Chapter 2 19
NOTES Explain to employees why it s against company policy to share their passwords or post them near their workstations. Regularly run up-to-date anti-virus and anti-spyware programs on individual computers and on servers on the network. Check expert websites and the software vendors websites regularly for alerts about new vulnerabilities, and implement policies for installing vendor-approved patches to correct problems. Consider restricting employees ability to download unauthorized software. Software downloaded to devices that connect to your network (computers, smartphones, and tablets) could be used to distribute malware. Scan computers on the network to identify and profile the operating system and open network services. If there are any unnecessary services, disable them to prevent hacks or other potential security problems. For example, if email service or an internet connection is not necessary on a certain computer, consider closing the ports to those services on that computer to prevent unauthorized access to that machine. When receiving or transmitting credit card information or other sensitive financial data, use Secure Sockets Layer (SSL) or another secure connection that protects the information in transit. Pay particular attention to the security of your web applications. Web applications may be particularly vulnerable to a variety of hack attacks. In one variation called an injection attack, a hacker inserts malicious commands into what looks like a legitimate request for information. Once in the system, hackers transfer sensitive information from your network to their computers. Password management. Control access to sensitive information by requiring that employees use strong passwords. Tech security experts say the longer the password, the better. Because simple passwords, like common dictionary words, can be guessed easily, insist that employees choose passwords with a mix of letters, numbers, and characters. Require an employee s user name and password to be different, and require frequent changes in passwords. Explain to employees why it s against company policy to share their passwords or post them near their workstations. Use password-activated screen savers to lock employee computers after a period of inactivity. Lock out users who don t enter the correct password within a designated number of log-on attempts. Warn employees about possible calls from identity thieves attempting to deceive them into giving out their passwords by impersonating members of the IT staff. Let employees know that calls like this are always fraudulent, and that no one should be asking them to reveal their passwords. When installing new software, immediately change vendor supplied default passwords to a more secure strong password. Caution employees against transmitting sensitive personally-identifying data, Social Security numbers, passwords, account information, via email. Unencrypted email is not a secure way to transmit any information. Laptop security. Restrict the use of laptops to those employees who need them to perform their jobs. Assess whether sensitive information really needs to be stored on a laptop. If not, delete it with a wiping program that overwrites 20 Chapter 2 TheTaxReview Disclosing Client Information
data on the laptop. Deleting files using standard keyboard commands isn t sufficient because data may remain on the laptop s hard drive. Wiping programs are available at most office supply stores. Require employees to store laptops in a secure place. Even when laptops are in use, consider using cords and locks to secure laptops to employees desks. Consider allowing laptop users only to access sensitive information, but not to store the information on their laptops. Under this approach, the information is stored on a secure central computer and the laptops function as terminals that display information from the central computer, but do not store it. The information could be further protected by requiring the use of a token, smart card, thumb print, or other biometric, as well as a password, to access the central computer. If a laptop contains sensitive data, encrypt it and configure it so users can t download any software or change the security settings without approval from IT specialists. Consider adding an auto-destroy function so that data on a computer that is reported stolen will be destroyed when the thief uses it to try to get on the internet. Train employees to be mindful of security when they re on the road. They should never leave a laptop visible in a car, at a hotel luggage stand, or packed in checked luggage unless directed to by airport security. If someone must leave a laptop in a car, it should be locked in a trunk. Everyone who goes through airport security should keep an eye on their laptop as it goes on the belt. KEY FACT Firewalls. Use a firewall to protect computers from hacker attacks while connected to the internet. A firewall is software or hardware designed to block hackers from accessing a computer. A properly configured firewall makes it tougher for hackers to locate the computer and get into programs and files. Determine whether a border firewall should be installed where the network connects to the internet. A border firewall separates the network from the internet and may prevent an attacker from gaining access to a computer on the network where sensitive information is stored. Set access controls that determine who gets through the firewall and what they will be allowed to see to allow only trusted employees with a legitimate business need to access the network. Since the protection a firewall provides is only as effective as its access controls, review them periodically. If some computers on the network store sensitive information while others do not, consider using additional firewalls to protect the computers with sensitive information. NOTES If a laptop contains sensitive data, encrypt it and configure it so users can t download any software or change the security settings without approval from IT specialists. Digital copiers. An information security plan should cover the digital copiers the company uses. The hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes, or emails. If steps are not taken to protect that data, it can be stolen from the hard drive, either by remote access or by extraction once the drive has been removed. TheTaxReview Disclosing Client Information Chapter 2 21
NOTES A data security plan may look great on paper, but it s only as strong as the employees who implement it. Tips about safeguards for sensitive data stored on the hard drives of digital copiers: Get the IT staff involved when thinking about getting a copier. Employees responsible for securing your computers also should be responsible for securing data on digital copiers. When buying or leasing a copier, consider data security features offered, either as standard equipment or as optional add-on kits. Typically, these features involve encryption and overwriting. Encryption scrambles the data on the hard drive so it can be read only by particular software. Overwriting, also known as file wiping or shredding, replaces the existing data with random characters, making it harder for someone to reconstruct a file. When returning or disposing of a copier, find out whether the hard drive can be removed and destroyed, or overwrite the data on the hard drive. Have a skilled technician remove the hard drive to avoid the risk of breaking the machine. Detecting breaches. To detect network breaches when they occur, consider using an intrusion detection system. To be effective, it must be updated frequently to address new types of hacking. Maintain central log files of security-related information to monitor activity on the network in order to spot and respond to attacks. If there is an attack on the network, the log will provide information that can identify the computers that have been compromised. Monitor incoming traffic for signs that someone is trying to hack in. Keep an eye out for activity from new users, multiple log-in attempts from unknown users or computers, and higher-than-average traffic at unusual times of the day. Monitor outgoing traffic for signs of a data breach. Watch for unexpectedly large amounts of data being transmitted from the company s system to an unknown user. If large amounts of information are being transmitted from the network, investigate to make sure the transmission is authorized. Have in place and implement a breach response plan. Employee training. A data security plan may look great on paper, but it s only as strong as the employees who implement it. Take time to explain the rules to staff, and train them to spot security vulnerabilities. Periodic training emphasizes the importance you place on meaningful data security practices. A welltrained workforce is the best defense against identity theft and data breaches. Check references or do background checks before hiring employees who will have access to sensitive data. Ask every new employee to sign an agreement to follow the company s confidentiality and security standards for handling sensitive data. Make sure they understand that abiding by the data security plan is an essential part of their duties. Regularly remind employees of the company s policy, and any legal requirement, to keep customer information secure and confidential. Know which employees have access to consumers sensitive personally identifying information. Pay particular attention to data like Social Security numbers and account numbers. Limit access to personal information to employees with a need to know. Have a procedure in place for making sure that workers who leave or transfer to another part of the company no longer have access to sensitive information. 22 Chapter 2 TheTaxReview Disclosing Client Information
Terminate their passwords, and collect keys and identification cards as part of the check-out routine. Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. Make sure training includes employees at satellite offices, temporary help, and seasonal workers. If employees don t attend, consider blocking their access to the network. Train employees to recognize security threats. Tell them how to report suspicious activity and publicly reward employees who alert you to vulnerabilities. Tell employees about company policies regarding keeping information secure and confidential. Post reminders in areas where sensitive information is used or stored, as well as where employees congregate. Make sure policies cover employees who telecommute or access sensitive data from home or an offsite location. Teach employees about the dangers of spear phishing, which are scam emails containing information that makes the emails look legitimate. These emails may appear to come from someone within the company, generally someone in a position of authority. Make it office policy to independently verify any emails requesting sensitive information. When verifying, do not reply to the email and do not use links, phone numbers, or websites contained in the email. Warn employees about phone phishing. Train them to be suspicious of unknown callers claiming to need account numbers to process an order or asking for customer or employee contact information. Make it office policy to doublecheck by contacting the company using a known phone number. Require employees to notify a supervisor immediately if there is a potential security breach, such as a lost or stolen laptop. Impose disciplinary measures for security policy violations. NOTES Create a culture of security by implementing a regular schedule of employee training. 4) Pitch It Properly dispose of what is no longer needed. What looks like a sack of trash can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, it cannot be read or reconstructed. Implement information disposal practices that are reasonable and appropriate to prevent unauthorized access to or use of personally identifying information. Reasonable measures are based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology. Effectively dispose of paper records by shredding, burning, or pulverizing them before discarding. Make shredders available throughout the workplace, including next to the photocopier. When disposing of old computers and portable storage devices, use software for securely erasing data, usually called wipe utility programs. They re inexpensive and can provide better results by overwriting the entire hard drive so that the files are no longer recoverable. TheTaxReview Disclosing Client Information Chapter 2 23
NOTES Deleting files using the keyboard or mouse commands usually isn t sufficient because the files may continue to exist on the computer s hard drive and could be retrieved easily. Make sure employees who work from home follow the same procedures for disposing of sensitive documents and old computers and portable storage devices. 5) Plan Ahead Create a plan for responding to security incidents. Taking steps to protect data can go a long way toward preventing a security breach. Nevertheless, breaches can happen. Have a plan in place to respond to security incidents. Designate a senior member of the staff to coordinate and implement the response plan. If a computer is compromised, disconnect it immediately from the network. Investigate security incidents immediately and take steps to close off existing vulnerabilities or threats to personal information. Consider whom to notify in the event of an incident, both inside and outside the organization. Law enforcement may need to be notified, customers, credit bureaus, and other businesses that may be affected by the breach. In addition, many states and the federal bank regulatory agencies have laws or guidelines addressing data breaches. Learning Objective 2-A Self-Quiz For answer, see Chapter 2 Self-Quiz Answers, page 32. Test your knowledge and comprehension of information presented in Learning Objective 2-A. 1) Mary is setting a password for access to sensitive client information. Which of the following would be the simplest strong password that Mary could use? a) 93526841 b) (!@#$%^) c) iam4u2!! d) Emily s8 24 Chapter 2 TheTaxReview Disclosing Client Information
Learning Objective 2-B Identify problem areas relating to identity theft as explained by the Treasury Inspector General for Tax Administration (TIGTA). NOTES Identity Theft Results in Billions of Dollars in Fraudulent Tax Refunds The Treasury Inspector General for Tax Administration (TIGTA) released a report in September of 2013 providing details of the extent of identity theft in the context of fraudulent claims for refund. Background Identity theft continues to be a serious and growing problem which has a significant impact on tax administration. Identity theft for the purpose of tax fraud occurs when an individual uses another person s name and Taxpayer Identification Number (generally a Social Security number) to file a fraudulent tax return to obtain a fraudulent tax refund. Unscrupulous individuals are stealing identities at an alarming rate for this purpose. Many individuals who are victims of this type of identity theft may be unaware that their identity has been used to file fraudulent tax returns. The individuals victimized are typically those who are not required to file a tax return. The impact of identity theft on tax administration is significantly greater than the amount detected and prevented by the IRS. While the number of fraudulent tax refunds the IRS detects and prevents is substantial, it does not know the full scope of the fraud. A July 2012 TIGTA report on identity theft, found that undetected tax refund fraud results in significant unintended federal outlays. In the 2012 report, TIGTA concluded that, based on an analysis of Tax Year 2010 tax returns processed during the 2011 Filing Season, tax fraud by individuals filing fictitious tax returns with false income and withholding is significantly greater than what the IRS detects and prevents. Using characteristics of identity theft confirmed by the IRS, TIGTA identified approximately 1.5 million undetected tax returns with potentially fraudulent tax refunds totaling in excess of $5.2 billion. This review was performed as a follow-up review to the July 2012 TIGTA audit on identity theft, which included a review performed at the IRS Wage and Investment Division Accounts Management and Submission Processing functions in Atlanta, Georgia, during the period September 2012 through June 2013. The impact of identity theft on tax administration is significantly greater than the amount detected and prevented by the IRS. The IRS Continues to Expand its Identity Theft Detection Efforts The IRS continues to improve its efforts for identity theft detection and prevention of fraudulent tax refund issuance. These efforts include expanding identity theft filters. The IRS first developed identity theft filters for use in Processing Year 2012. The filters are used to identify potentially fraudulent tax returns and prevent the issuance of refunds at the time tax returns are being processed. Tax returns identified via the filters are held during processing until the IRS can verify the taxpayer s identity. If the individual s identity cannot be confirmed, the IRS removes the tax return from processing. This prevents the issuance of a fraudulent tax refund. TheTaxReview Disclosing Client Information Chapter 2 25
NOTES In Processing Year 2012, there were 11 filters that identified approximately 325,000 tax returns and prevented the issuance of approximately $2.2 billion in fraudulent refunds. In Processing Year 2013, the number of filters increased to more than 80. As of May 30, 2013, the IRS identified 151,010 tax returns and prevented the issuance of approximately $840 million in fraudulent tax refunds. This represents a 90% increase over the number that the IRS identified for the same period in Processing Year 2012. Tax Returns with the Same Address and/or Direct Deposit Account Numbers The TIGTA previously reported that a characteristic of some of the potentially fraudulent tax returns identified was the use of the same address and/or the same direct deposit account. In response, the IRS developed a filtering tool that groups tax returns based on address, zip code, and/or bank routing number. The groupings are then filtered through various business rules to identify potentially fraudulent tax returns. Tax return clustering was not in place when the Tax Year 2011 tax returns were processed. The filtering tool became operational in Processing Year 2013. As of May 30, 2013, the IRS indicated it had identified 154,302 tax returns and prevented the issuance of approximately $470 million in tax refunds. Identity Theft Clearinghouse The Identity Theft Clearinghouse provides IRS Criminal Investigation with a central location to review and process identity theft leads. The Clearinghouse performs research on each lead to develop it for the field offices and ensure that an open investigation is not already underway. In addition, the Clearinghouse passes relevant information to the appropriate function to attempt to incorporate newly identified fraud characteristics into identity theft filters. As of May 31, 2013, the Clearinghouse had received more than 3,400 identity theft leads that resulted in the development of 478 investigations. Expanding Cooperation with Local Law Enforcement With the assistance of various law enforcement agencies, the IRS has developed a pilot program to allow the IRS to share tax return information with law enforcement agencies with the consent of a taxpayer. This partnership, which is known as the Law Enforcement Assistance Program, has since been expanded to include all 50 states, the District of Columbia, Guam, the Northern Marianas Islands, Puerto Rico, and the U.S. Virgin Islands. This initiative provides a way for taxpayers to release their tax records to law enforcement agencies to attempt to find the identity thief through the review of their tax return. The law enforcement agency requests that the victim of identity theft fill out a waiver so that the IRS can release the tax return information filed by the identity thief to the law enforcement agency. As of May 30, 2013, the IRS processed 2,731 waivers from 244 different law enforcement agencies. While the above efforts have increased the IRS detection of fraudulent tax returns and prevented the issuance of billions of dollars in fraudulent tax refunds, the IRS still does not have timely access to third-party income and withholding information needed to 26 Chapter 2 TheTaxReview Disclosing Client Information
make substantial improvements in its detection efforts at the time tax returns are processed. Access to third-party income and withholding information is the key to enabling the IRS to prevent the continued issuance of billions of dollars in fraudulent tax refunds. The following shows one example of how the IRS can identify and prevent tax refund fraud when it has timely access to third-party information. In response to a recommendation made in a prior report, the IRS began matching Social Security benefit income and withholding reported on tax returns to information reported to the IRS by the Social Security Administration when tax returns are processed. Annually, in December, the IRS receives Forms SSA- 1099, Social Security Benefit Statement, from the Social Security Administration. The Form SSA-1099 contains the beneficiary s name, SSN, Social Security benefits received, and federal income tax withholding. For Processing Year 2012, the IRS created a filter that uses the Form SSA-1099 information at the time tax returns are processed to identify potentially fraudulent tax returns. The IRS decreased the number of undetected tax returns based on fraudulent Social Security benefit income by 86% compared to the amount we previously reported. The IRS would have been able to identify even more of the tax returns with fraudulent claims for Social Security benefits if it had been able to program this filter for use earlier in the 2012 Filing Season. Programming put in place at the beginning of the 2013 Filing Season included the entire Social Security record, which enabled the IRS to detect most tax returns reporting false Social Security benefits and withholding during the 2013 Filing Season. As of May 30, 2013, the IRS indicated it had identified 36,523 tax returns and prevented the issuance of approximately $184 million in tax refunds due to the Social Security filters. However, most of the third-party income and withholding information was not available until well after tax return filing began. Legislation would be needed for changes to the filing deadlines for information returns. The deadline for filing most information returns with the IRS is March 31, yet taxpayers can begin filing their tax returns as early as mid-january each year. For the 2013 Filing Season, the IRS received more than 88 million tax returns as of March 30, 2013. In April 2011, the IRS Commissioner introduced the IRS vision of an initiative that would allow matching of data on tax returns with data on third-party information returns at the time tax returns are processed. It is envisioned that this would reduce the number of erroneous refunds paid because it would allow the IRS to substantiate claims or entries made by the taxpayer on the tax return as they are filed. The IRS found that 91% of individual taxpayers receive one of three third-party information return types. As such, those information returns would likely be the highest priority for any changes to expedite transmittal and access for use in processing tax returns. To date, the IRS has conducted stakeholder sessions to discuss the impact, opportunities, and constraints around earlier data matching. While most stakeholders agree this type of solution is needed, they are concerned that earlier reporting will lead to more errors in the data. For example, stakeholders raised concerns that several pieces of information on the income documents, such as NOTES Access to third-party income and withholding information is the key to enabling the IRS to prevent the continued issuance of billions of dollars in fraudulent tax refunds. The IRS has conducted stakeholder sessions to discuss the impact, opportunities, and constraints around earlier data matching. TheTaxReview Disclosing Client Information Chapter 2 27
NOTES A taxpayer can call the IRS and follow automated prompts to receive an Electronic Filing PIN. tax on life insurance premiums, third-party sick pay, and state disability information, may not be available until after December 31. When taxpayers file their returns after a fraudulent return has been filed, they often experience significant burden and delays For those individuals who are required to file a tax return, it is not until the legitimate individual files a tax return, resulting in a duplicate filing under the same name and SSN, that many individuals realize they are a victim of identity theft. When the identity thief files the fraudulent tax return before the legitimate taxpayer, the IRS does not yet know that the victim s identity will be used more than once. Once the legitimate taxpayer files his or her tax return, this tax return is identified as a duplicate tax return and the refund is held until the IRS can confirm the taxpayer s identity. For Tax Year 2011, the IRS identified more than 174,000 SSNs that were used multiple times, i.e., one or more potentially fraudulent tax returns were associated with the multiple use of an SSN. The IRS estimated that approximately $183 million in potentially fraudulent tax refunds were paid to identity thieves who filed tax returns before the legitimate taxpayers filed theirs. This is in addition to the $4 billion noted previously, which is related to taxpayers who do not appear to have a filing requirement. Authenticating Taxpayers Remains a Challenge for the IRS Although the IRS is working toward finding ways to determine which tax returns are legitimate, it could do more to prevent identity thieves from electronically filing (e-filing) tax returns. Of the 1.2 million potentially fraudulent undetected tax returns, more than 1.1 million (93%) were e-filed. Before a tax return can be e-filed, the taxpayer must verify his or her identity with the correct date of birth and either the prior year s tax return Self-Select Personal Identification Number (PIN) or adjusted gross income. However, it has been determined that this control can be circumvented. If the taxpayer does not remember his or her information, he or she can go to IRS.gov, the IRS public internet website, to obtain an Electronic Filing PIN. An Electronic Filing PIN is obtained by providing personal information that the IRS matches against data on the prior year s tax return filed by the taxpayer. Alternatively, a taxpayer can call the IRS and follow automated prompts to receive an Electronic Filing PIN. For the 2013 Filing Season, the IRS required the taxpayer to provide Personally Identifiable Information, including requiring the taxpayer s address. Nonetheless, it remains a challenge for the IRS to authenticate taxpayers. For example, the IRS has not adopted industry practices of shared secrets, such as security challenge questions, to authenticate taxpayers, e.g., mother s maiden name or the name of first pet. TIGTA analysis of more than 900,000 undetected e-filed tax returns identified that taxpayers signed their tax return using the Self-Select PIN method for 508,210 (56%) of the returns. This method is required for any taxpayer filing a tax return using an online software package. An Electronic Filing PIN was provided for authentication for 150,683 (30%) of the 508,210 tax returns signed using the Self-Select PIN method. The remaining 393,374 e-filed tax returns were prepared by a paid tax practitioner who chose and entered a PIN on behalf of the taxpayer or had the taxpayer create a 28 Chapter 2 TheTaxReview Disclosing Client Information
PIN themselves. Taxpayers can authorize a practitioner (who is responsible for ensuring that the taxpayer is who they say they are) to sign the return for them by completing Form 8879, IRS e-file Signature, before the return is submitted to the IRS. NOTES Learning Objective 2-B Self-Quiz For answer, see Chapter 2 Self-Quiz Answers, page 32. Test your knowledge and comprehension of information presented in Learning Objective 2-B. 2) An IRS identity theft lock on a taxpayer s account will result in the following. a) E-filed returns will be rejected. Paper-filed returns will be processed but a refund will not be issued. b) All returns will be processed, but any refund will be delayed. c) Only paper-filed returns will be processed, and taxpayers should expect a six-week delay in issuance of a refund. d) E-filed returns will go through a special matching process and a refund will be issued if the return clears. Learning Objective 2-C Recognize the components of the tax fraud and identity theft scheme set forth in the court decision in U.S. vs. Davis. Tax Return Preparer Convicted Of Fraud and Identity Theft In December, 2013, a federal jury found Bernando O. Davis guilty of conspiracy, wire fraud, and aggravated identity theft for using stolen identities to file false federal income tax returns that claimed millions of dollars in bogus refunds. Almost every day we learn of another identity thief who has found a unique way to steal personal identifying information. The common theme is that the thieves always use the information they steal to commit a second theft: the theft of money, said United States Attorney Sally Quillian Yates. Today, a federal jury brought this defendant s identity theft scheme to an end. These unscrupulous defendants thought they had figured out a clever scheme to thwart the IRS and steal from American taxpayers, said IRS Criminal Investigation, Special Agent in Charge, Veronica F. Hyman-Pillot. Today s verdict clearly demonstrates that taking advantage, manipulating, and stealing from the American people will not go unpunished. This case is just another prime example that demonstrates the hard work and collaborative law enforcement effort to fight against perpetrators committing fraudulent acts against the American public. The U.S. Postal Inspection Service will continue to aggressively investigate all crimes where illegal use of the U.S. mail is used to further fraudulent schemes. said Keith Fixel, Postal Inspector in Charge, U.S. Postal Inspection Service - Charlotte Division. TheTaxReview Disclosing Client Information Chapter 2 29
NOTES Davis and his co-conspirators used the victims personal information to file fraudulent tax returns that claimed a total of over $19 million. The evidence at trial showed that Davis had over 1,600 tax refund checks sent to his home address. The Scheme According to United States Attorney Yates, the charges and other information presented in court included the following. From approximately July 2010 to January 2013, Davis operated Davis Tax Service, a tax preparation business in Clayton County, Georgia. Davis, working with others, including Kevin J. Sonnier, and Carla L. Jefferson of Palmdale, California, led thousands of victims to believe that they could apply for government stimulus payments or free government money from the federal government by providing their names and Social Security numbers. Davis and his co-conspirators used toll-free telephone numbers, websites, flyers, and radio advertisements to advertise the stimulus payments and collect victims personal information. They also recruited runners who promoted the scheme by word of mouth and collected victims personal information. In addition to the stimulus charade, Davis and his co-conspirators acquired names from a variety of sources, including prisons and homeless shelters, to use in the fraud. Many victims testified that they had never heard about the stimulus payments, but their identities were nonetheless used by Davis and his co-conspirators to file bogus tax returns. In actuality, no stimulus payment existed, and Davis and his co-conspirators used the victims personal information to file fraudulent tax returns that claimed a total of over $19 million in bogus refunds. On the returns, Davis claimed false income amounts and student credits to generate the bogus tax refunds. In many of the returns, Davis directed the IRS to pay the refund amounts to bank accounts he or his co-conspirators controlled. Davis and his co-conspirators shared in the profits generated from this scheme. The victims did not know that Davis had filed tax returns in their names. The evidence at trial showed that Davis had over 1,600 tax refund checks sent to his home address in Stockbridge, Ga., by listing his home address as the victims address on the tax returns he filed in their names. In addition to the checks, Davis received thousands of letters addressed to the victims from the IRS, Social Security Administration, and other government agencies. After seeing such a large number of Treasury checks coming to Davis home address, a mail carrier seized over 1,000 of these checks and provided them to law enforcement. Federal agencies executed a search warrant at Davis and Sonnier s business location in February 2013. There they found numerous lists of names, Social Security numbers, and birth dates of victims which were used to file tax returns. They also found tax forms with victims signatures taped onto the forms to make it look like the victims had authorized the tax returns. In reality, Davis and his co-conspirators had cut the signatures from the stimulus applications and taped them to the tax forms to make their business appear legitimate if anyone asked any questions. When agents first entered the business to execute the search, Davis fled out of the back of the building and was arrested with the assistance of Clayton County law enforcement. Davis also faxed a fraudulent Georgia driver s license and tax forms to a Texas detective in 2012, when the detective asked questions about a tax return Davis had fraudulently filed in a Texas victim s name. Davis falsely represented that 30 Chapter 2 TheTaxReview Disclosing Client Information
the license had been given to him by the taxpayer. Numerous text messages were also introduced at trial where co-conspirators sent Davis names and Social Security numbers, including from prisoners, for use in the scheme. In June 2012, Davis, 27, of Stockbridge, Ga., entered into an Assurance of Voluntary Compliance with the Administrator of the Georgia Fair Business Practices Act, in which he agreed to modify his business practices. The evidence at trial demonstrated that despite entering into this agreement, he continued to file false tax returns using the identities of unsuspecting victims. Over 20 victims testified at trial. The scheme affected over 15,000 victims in virtually every state across the country. NOTES The Convictions The jury convicted Davis of one count of conspiracy, 15 counts of wire fraud, and 15 counts of aggravated identity theft. The wire fraud counts each carry a maximum sentence of 20 years in prison, the conspiracy count carries a maximum sentence of 5 years in prison, and the aggravated identity theft charges each carry a mandatory two-year sentence. At least one of the two-year sentences for aggravated identity theft must run consecutively to any other sentence imposed. Each count also carries a fine of up to $250,000. Davis was detained after the verdict. On November 20, 2013, Jefferson pleaded guilty to conspiracy for her role in the scheme. On May 22, 2013, Sonnier, 44, of Ellenwood, Georgia, pleaded guilty to conspiracy, wire fraud, and aggravated identity theft for his role. As part of his plea agreement, Sonnier agreed to forfeit his interest in 17 separate pieces of real estate located throughout Clayton County, thousands of dollars that were previously seized from his bank accounts, and over 80 electronic devices and items of jewelry that were previously seized by the government. In addition, Sonnier agreed to a money judgment of at least $7 million and full restitution to the IRS. Learning Objective 2-C Self-Quiz For answer, see Chapter 2 Self-Quiz Answers, page 32. Test your knowledge and comprehension of information presented in Learning Objective 2-C. 3) In U.S. vs. Davis, Bernardo Davis was convicted of the following tax fraud scheme. a) Claiming bogus deductions on behalf of taxpayers and splitting the refund. b) Charging clients for adding non-existent children to their tax return for purposes of claiming the Earned Income Credit. c) Having clients sign a blank tax return, then filing the return with fraudulent claims for refundable education credits. d) Davis stole the identities and taxpayer information from individuals and filed fraudulent claims for refund. TheTaxReview Disclosing Client Information Chapter 2 31
NOTES Chapter 2 Self-Quiz Answers 1) Mary is setting a password for access to sensitive client information. Which of the following would be the simplest strong password that Mary could use? a) 93526841 Incorrect. Although a strong password should contain numbers, it should also contain letters and characters. b) (!@#$%^) Incorrect. A strong password should contain letters, numbers and characters. c) iam4u2!! Correct. A strong password should contain a mix of letters, numbers, and characters. d) Emily s8 Incorrect. Although the password contains letters and numbers, a strong password should also contain characters. 2) An IRS identity theft lock on a taxpayer s account will result in the following. a) E-filed returns will be rejected. Paper-filed returns will be processed but a refund will not be issued. Correct. The IRS has prevented the issuance of approximately $5.6 million in fraudulent tax refunds since implementation of the lock. b) All returns will be processed, but any refund will be delayed. Incorrect. E-filed returns on locked accounts will be rejected. Paper-filed returns will be processed, but refunds will not be issued. c) Only paper-filed returns will be processed, and taxpayers should expect a six-week delay in issuance of a refund. Incorrect. Paper-filed returns will be processed, but refunds will not be issued on a locked account. d) E-filed returns will go through a special matching process and a refund will be issued if the return clears. Incorrect. E-filed returns from a locked account will be rejected. 32 Chapter 2 TheTaxReview Disclosing Client Information
3) In U.S. vs. Davis, Bernardo Davis was convicted of the following tax fraud scheme. a) Claiming bogus deductions on behalf of taxpayers and splitting the refund. Incorrect. Davis stole the identities of taxpayers and filed fraudulent returns using their information. NOTES b) Charging clients for adding non-existent children to their tax return for purposes of claiming the Earned Income Credit. Incorrect. In most of the cases, Davis used the taxpayer s information to file fraudulent returns and had the refunds either sent to his bank account or mailed to his address. c) Having clients sign a blank tax return, then filing the return with fraudulent claims for refundable education credits. Incorrect. Some of Davis fraudulent returns contained claims for refundable education credits, but he cut victims signatures from other documents and pasted to Form 1040. d) Davis stole the identities and taxpayer information from individuals and filed fraudulent claims for refund. Correct. Most of Davis victims did not know returns had been filed on their behalf. TheTaxReview Disclosing Client Information Chapter 2 33
34 Chapter 2 TheTaxReview Disclosing Client Information
Final Exam Go to www.thetaxbook.com and click on Login to Education Center to take the Final Exam. Do not mail. CPE/CE Circle the correct answer. 1) The following action can result in preparer sanctions for improper disclosure of tax return information. a) Any disclosure to a third party without affirmative taxpayer consent. b) Any disclosure to a third party without taxpayer consent unless the action is specifically allowed in regulations. c) Disclosure of client information to an employee of the same firm in the U.S. for purposes of assisting in the preparation of the taxpayer s return. d) Disclosure to an Authorized e-file Provider. 2) A taxpayer s affirmative consent to use tax return information will be considered invalid under the following circumstances. a) The tax preparation firm will not prepare the return unless the taxpayer signs the consent form. b) The taxpayer specifies the duration of the consent will last more than one year. c) The consent limits the use of tax information to preparation of the return. d) The consent limits the use of the tax information to filing of the return. 3) The following is an authorized method of obtaining an electronic signature from the taxpayer for a consent to disclose or use tax return information. a) A personal identification number (PIN) containing at least four letters. b) The taxpayer hits the Enter key when the software furnishes the taxpayer s name and prompts the taxpayer to do so. c) The taxpayer enters a response to a question regarding a shared secret with an answer that contains at least four letters. d) Any method in which the taxpayer enters five or more unique characters that the tax preparer uses to verify the taxpayer s identity. 4) A computer security system that uses hardware or software to block hackers from accessing the computer is referred to as a: a) Firewall. b) Password. c) Wiping program. d) Secure Sockets Layer (SSL). DO NOT MAIL Go to www.thetaxbook.com and click on Login to Education Center to take the Final Exam. TheTaxReview Disclosing Client Information Final Exam 35
DO NOT MAIL Go to www.thetaxbook.com and click on Login to Education Center to take the Final Exam. 5) The report on identity theft issued in September 2013 by the Treasury Inspector General for Tax Administration reached the following conclusion regarding the prevalence of identity theft involving taxpayers. a) Security programs have reduced the number of instances of identity theft and the problem is on the decline. b) Although identity theft remains a serious problem, new procedures ensure that in most cases taxpayers know immediately if someone has stolen their identity and used it to file a fraudulent return. c) Although identity theft continues to be a serious problem for individual taxpayers, it does not have significant impact on tax administration. d) Identity theft continues to be a serious and growing problem, affecting individual taxpayer and having a significant impact on tax administration. 6) The following most accurately describes the scope of tax fraud described in the court decision in U.S. vs. Davis, a) The scheme affected mostly taxpayer in the local area of Ellenwood, GA. b) The scheme affected taxpayers throughout Clayton County, GA. c) The scheme affected taxpayers in the southeast region of the United States. d) The scheme affected victims in virtually every state across the country. 7) According to the Treasury Inspector General for Tax Administration (TIGTA) report on identity theft relating to taxpayers, of the fraudulent tax returns filed in tax year 2011, what percentage were filed electronically? a) Over 50% b) Over 60% c) Over 70% d) Over 90% 8) The term encryption refers to what? a) Encryption is the computer process that sends data via email. b) The encryption process scrambles data on the hard drive so it can be read only by particular software. c) Encryption is software used by hackers to gain unauthorized access to a computer network. d) Encryption is the process of overwriting data with random characters to make it more difficult for someone to reconstruct the file. 9) The term phishing can be defined as follows. a) Background checks on potential employees. b) Monitoring incoming computer traffic to detect security breaches. c) Scam emails that look legitimate. d) Identity thieves sorting through the trash looking for sensitive information. 10) A Secure Sockets Layer (SSL) provides the following security for sensitive data. a) Protecting electronic information in transit. b) Locking out users who do not enter the correct password. c) Blocking hackers from unauthorized access to a computer. d) Providing an auto-destroy function to protect information on a computer that has been stolen. 36 Final Exam TheTaxReview Disclosing Client Information
INSTRUCTIONS Final Examination Instructions Expiration Date Reminder: The Final Exam must be completed online within one year from your date of purchase or shipment. CPE/CE credits are not available more than one year after your date of purchase or shipment. All Final Exams are administered online at www.thetaxbook.com. It is recommended that you review the Final Exam at the end of the course before taking it online. Final Exams mailed in will not be graded. Follow the instructions below: 1) Go to www.thetaxbook.com. 2) Click on Login to Education Center, where you will find a location to log in to the Final Exam. 3) Enter your User Name in the self-study CPE/CE login location. The email address associated with your account at Tax Materials, Inc. is your User Name. If you do not have an email address, or have not provided one, please call our toll-free number at 1-866-919-5277 to be assigned a User Name. 4) Enter your Password. The zip code associated with your account is your password. If you are having difficulty logging onto the Final Exam, please call our toll-free number at 1-866-919-5277. 5) Select the Disclosing Client Information Exam and click the Take Exam button. 6) You will be taken to the Final Exam. First confirm your First Name and Last Name are correct. This is how your name will appear on your Certificate of Completion should you achieve a score of 70% or higher. Take the Final Exam. Read the questions carefully and answer them to the best of your ability. At the bottom of the exam, click on Submit Answers when finished. You will instantly know if you have passed the test. If you failed, you are able to retake the test. If you passed, the Certificate of Completion will be available for you to print. DO NOT MAIL Go to www.thetaxbook.com and click on Login to Education Center to take the Final Exam. TheTaxReview Disclosing Client Information Final Exam 37
38 Final Exam TheTaxReview Disclosing Client Information
Index CPE/CE A Authenticating taxpayers, 28 Auxiliary services, 1, 8 C Chapter 1 use and disclosure of tax return information, 1 Chapter 2 protecting client information, 17 Consent, 2 Copiers, 21 Course completion instructions, ii Course overview, i CPE/CE credit hours, i D Data protection safeguard, 13 Data security plan, 17 Davis, 29 Detecting breaches, 22 Digital copiers, 22 Direct deposit account numbers, 26 Disclosure of entire return, 10 Disclosure or use, 1 Disclosures to third parties, 3 E Electronic format, 8 Electronic signatures, 13 Employee training, 22 Examination instructions, ii Expiration date, i F Final exam, 35 Final examination instructions, ii, 37 Firewall, 17 Firewalls, 21 Format of consents, 7 Fraudulent tax refunds, 25 H Hard drives, 22 I Identity theft, 25 Identity Theft Clearinghouse, 17, 26 L Laptop security, 20 Learning objective 1-A self-quiz, 6 Learning objective 1-B self-quiz, 12 Learning objective 1-C self-quiz, 14 Learning objective 2-A self-quiz, 24 Learning objective 2-B self-quiz, 29 Learning objective 2-C self-quiz, 31 Learning objectives, iii Local law enforcement, 26 Lock, 18 M Mandatory consent, 1 N NASBA, i National Association of State Boards of Accountancy, i Network security, 19 O Overview, i P Passing grade, i Password management, 20 Penalties, 1 Physical security, 19 PIN, 13 Prerequisites, i Program content, i Publication date, i R Recommended participants, i Record retention, i Restitution, 31 S Safeguards for sensitive data, 22 Section 6713, 1 Section 7216, 1 Secure sockets layer, 17 Separate written document, 7 Social security number, 9 Sonnier, 31 SSL, 17 T Tax return information, 1 U Use, 1 W Wire fraud, 31 TheTaxReview Disclosing Client Information Index 39
40 Index TheTaxReview Disclosing Client Information
Course Evaluation 2015 Disclosing Client Information Self-Study CPE/CE CPE/CE Please comment on all the following evaluation points for this program and assign a number grade, using a 1 5 scale, with 5 as the highest. Grade (1 5) 1) Were the stated learning objectives met? Comments: 2) Were the prerequisite requirements appropriate? Comments: 3) Were program materials accurate? Comments: 4) Were program materials relevant? Comments: 5) Did the program materials contribute to the achievement of the learning objectives? Comments: 6) Was the time allotted to the learning activity appropriate? Comments: 7) Was the use of the online test-taking satisfactory? Comments: 8) Did the online grading system work well? Comments: 9) Was the study guide appropriate and complete with regard to assisting with learning the material? Comments: 10) Did the layout and overall visual presentation make the study guide easy to read and understand? Comments: Other feedback or suggestions: Please mail to: Tax Materials, Inc. 15105 Minnetonka Ind. Rd., Ste 221, Minnetonka, MN 55345 Thank you for helping us improve our CPE/CE course offerings! TheTaxReview Disclosing Client Information Course Evaluation 41