Ready to Disclose How You Protect Your Clients' Privacy?
WHO MUST COMPLY?
GLB was intended to apply to banks and other credit institutions that may have been abusing customer trust by selling or sharing personal information. However, the Federal Trade Commission regulations do include those who are "significantly engaged" in the preparation of federal or state personal tax returns, or who provide financial planning services.
In this context, significantly engaged essentially means that the service is provided for compensation. Individuals who prepare an occasional tax return without charge for a relative are not required to provide the relative with a privacy disclosure notice.
WHAT MUST BE DISCLOSED?
These disclosures are required even though California law specifically prohibits the disclosure or use of tax return information for any purpose other than that for which it was provided without the advance written consent of the taxpayer. Under the FTC rules, even those who are prohibited by law from sharing information are required to notify their clients of the kinds of personal information they collect and of the fact that they are prohibited by statute from sharing that information.
There is no required form for this notice, but it must include the following information:
* The categories of nonpublic personal information collected. Nonpublic personal information is defined by the FTC as "generally speaking ... (1) personally identifiable financial information, plus (2) a consumer list (and publicly available information pertaining to the consumers on that list) that is derived using personally identifiable information that is not publicly available... ." Examples of nonpublic personal information, according to the May 24, 2000 Federal Register (Vol. 65, No. 101, page 33681), include information a client provides to you, account balance information, the fact that an individual is or has been a client, and information from a consumer report.
* The categories of nonpublic personal financial information that you might disclose. You should state if you are legally prohibited from disclosing nonpublic personal financial information.
* The categories of affiliates and non-affiliated third parties to whom you disclose nonpublic personal financial information, or that you do not make such disclosures. California law requires that clients consent in advance, in writing, to any disclosure of tax return information and that the consent include the name of the individual to whom the information will be disclosed.
* The firm's policies with respect to sharing information on individuals who are no longer clients.
* The categories of information disclosed pursuant to agreements with third-party service providers and joint marketers, and the categories of third parties providing the services, or that you do not do so.
* The client's right to opt out of the disclosure of nonpublic personal information, if you make such disclosures. California law requires that clients give permission to have their tax return information used for any purpose other than that for which it was given.
* Any disclosures made under the Fair Credit Reporting Act.
* Your practices with regard to protecting the confidentiality, security and integrity of nonpublic personal information.
All affected firms are required to develop and implement a written information security program that includes administrative, technical and physical safeguards for customer records. Additionally, firms are required to exercise appropriate due diligence in selecting and monitoring service providers to ensure that the service providers also implement appropriate security measures to meet the guidelines' objectives.
WHERE TO FIND THE NEW RULES
An appendix to the FTC rules provides sample clauses that can be used to construct a disclosure, but none of them apply directly to CPA firms. Additionally, many bank Web sites carry their privacy disclosure notices, and these may provide some guidance. The FTC final rule can be accessed online at http://www.ftc.gov, or through CalCPA's members-only interactive government relations site at http://calcpa.iris1.com. A print version of the final rule is available in the May 24, 2000 Federal Register (Vol. 65, No. 101, page 33688).
Members are encouraged to contact their liability insurer or legal counsel for specific guidance in complying with the new requirement.
Bruce Allen is CalCPA's director of government relations.
SAMPLE PRIVACY DISCLOSURE LETTER
CPAs who must comply with the FTC's privacy disclosure requirements must send their initial disclosure by July 1, 2001, to all clients for whom they prepare personal income, estate or gift tax returns, and to individuals for whom they provide financial planning services. The disclosure must be sent every 12 months thereafter.
The following sample disclosure letter is provided for illustrative purposes only. Your own situation will vary and each letter must be tailored to fit your own circumstances and practices. It is not intended to provide legal advice.
Dear Client of Stable, Strong and Aware:
If you are like most Americans, privacy is a big concern to you. We want you to know that we at Stable, Strong and Aware share this concern. During the preparation of your (tax return/financial plan), you share personal information with the employees and owners of Stable, Strong and Aware. This might include information on applications, worksheets, tax organizers or other documents we use in preparing your taxes or financial plan. It also may include information we receive directly from third parties such as brokerage houses and banks regarding your accounts with them and information about your transactions with us, or our affiliates. (CPAs who run credit checks on their clients need to indicate that they collect information from consumer credit reporting agencies.) We value your trust and make every effort to continue to deserve your confidence.
Protecting your privacy is important to us and your personal information is shared only with those employees who need it to perform the services you have hired us to provide. State and federal laws, and the standards of the CPA profession, pledge us to keep your information confidential unless we are required by a legal authority to divulge the information.
Your personal information is stored in a secure space or on a secure computer. We take our obligation to you very seriously and value your trust. If you ever discontinue your client relationship with Stable, Strong and Aware, we will be happy to furnish you with a copy of the information in our files and will continue to protect and treat the information that you have trusted us with as confidential. When your personal information is no longer needed, it is shredded, erased or destroyed before being recycled.
Partners of Stable, Strong and Aware, CPAs
Date: Mar 1, 2001