Printer Friendly

CBA interprets 54.1: Board offers FAQs on client confidentiality regs.

The California Board of Accountancy has published Frequently Asked Questions related to Rule 54.1 regarding client confidentiality and the CPAs obligation to protect client information. CPAs should review these answers carefully to ensure that they are in compliance.

For reference, the FAQs and text of rules 54 and 54.1 is provided below. They are also available at

Q 1. If a CPA uses an external service provider (separate legal entity) to process confidential information such as tax returns, will written permission from the client be required?

Yes, if confidential information is disclosed to an outside third party, written permission from the client is required.

Q 2. What constitutes written permission?

Any reasonable written document that acknowledges the client is aware that the information may be disclosed and confirms in writing the client's permission for the disclosure. The approval always should be secured in advance of the disclosure. Written consent may be through an engagement letter or in a separate consent agreement. Written permission includes faxes and e-mails.

Q 3. Can the written permission be obtained through the use of an engagement letter that discloses the anticipated use of the external service provider?

Yes, an engagement letter signed and dated by the client could serve as written permission, provided it complies with the requirements of Sec. 54.1.

Q 4. If software, such as tax or accounting software, is typically used wholly within the CPA firm's office, but confidential client information needs to be disclosed to an external technician or software vendor to resolve software problems, will written permission from the client be required?


Q 5. If CPAs anticipate that their external service provider will disclose confidential client information to persons or entities outside the U.S., will the fact of anticipated disclosure require specific informed written consent of the client?

Yes. Disclosure of confidential information to persons or entities outside the United States will require written client notification and permission, even if the information will be going to persons within the same firm.

CPAs who use external service providers should always inquire regarding the provider's transfer of information to persons or entities outside the U.S. If it is anticipated that this will occur (CPA or external service provider will disclose), under Sec. 5063.3 and Sec. 54.1, the CPA must inform the client in writing and obtain the client's written permission for the disclosure.

Q 6. Would written permission from the client be required if a CPA "stored" confidential client documents or information on an Internet file server?

No, written permission would not be required because the documents or information are being stored with an outside service provider, rather than being disclosed.

Q 7. If a client telephones their CPA and requests that the CPA provide confidential client information, such as a tax return to the client's bank, is written permission from the client required?

No, under Sec. 54.1(a)(7), a client may request that the CPA disclose the client's confidential information to a designated person or entity without providing written permission for the disclosure.

Sec. 54: Confidential Information Defined, Exception "Confidential information" includes all information obtained by a licensee, in their professional capacity, concerning a client or a prospective client, except that it does not include information obtained from a prospective client who does not subsequently become a client, where all of the following conditions are met:

(a) The licensee provides reasonable notice to the prospective client or the prospective client's representative that the information will not be treated as confidential information in the event the provider does not become a client, and that providing such information will not preclude the licensee from being employed by a party adverse to the potential client in any current or future legal action or proceeding. For purposes of this section, "reasonable notice" shall mean the following:

(1) With respect to oral communications, including telephonic communications, reasonable notice consists of oral notice to the speaker given immediately by the licensee upon hearing that client information is being presented or will be presented.

(2) With respect to written communications, including electronic and facsimile communications, reasonable notice consists of an oral or written notice to the sender within one business day.

(b) The licensee, on request, returns the original and all copies of documents provided by the prospective client or his or her representative within 30 days.

(c) The licensee does not utilize in any manner the information obtained, except that nothing shall prohibit the licensee from utilizing the same information obtained from an independent source, such as through litigation discovery.

Sec. 54.1: Disclosure of Confidential Information Prohibited

(a) No confidential information obtained by a licensee, in their professional capacity, concerning a client or a prospective client shall be disclosed by the licensee without the written permission of the client or prospective client, except for the following:

(1) disclosures made by a licensee in compliance with a subpoena or a summons enforceable by order of a court;

(2) disclosures made by a licensee regarding a client or prospective client to the extent that the licensee reasonably believes that it is necessary to maintain or defend themselves in a legal proceeding initiated by that client or prospective client;

(3) disclosures made by a licensee in response to an official inquiry from a federal or state government regulatory agency;

(4) disclosures made by a licensee or a licensee's duly authorized representative to another licensee in connection with a proposed sale or merger of the licensee's professional practice;

(5) disclosures made by a licensee to (A) another licensee to the extent necessary for purposes of professional consultation, and to (B) professional standards review, ethics or quality control peer review organizations;

(6) disclosures made when specifically required by law; and

(7) disclosures made at the direct request of the client to a person or entity that is designated by the client at the time of the request.

(b) In the event that confidential client information may be disclosed to persons or entities outside the U.S. in connection with the services provided, the licensee shall so inform the client in writing and obtain the client's written permission for the disclosure.

Bruce C. Allen is CalCPA's director of government relations.
COPYRIGHT 2006 California Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:governmentrelations
Author:Allen, Bruce C.
Publication:California CPA
Date:Sep 1, 2006
Previous Article:Safety first: OSHA has high expectations for your business--are you in compliance?
Next Article:There's value in membership.

Related Articles
Next comes regulation: with the legislative session over, regulators gear up. (Government Relations).
CBA revises regulations regarding disclosure.
A new tax court? Also, state legislators discuss outsourcing, disclosure.
Outsourcing guidance for CPAs: hot topic has everyone from state legislators to the AICPA chiming in.
CBA issues outsourcing disclosure regulation.
CBA: get it in writing: clients must grant written permission before you disclose.
Capitol's newest CPA: CalCPA member Fiona Ma elected to Assembly.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters