Running Total for 2007 as of February 12th - a minimum of


Individual Records Were Illegally Breached. The National Pandemic of Stupidity Continues... Are You on the List?

Monday, February 05, 2007

Update for Small Accountancy Firms and Tax Preparers - GLBA

Congress passed sweeping legislation in 1999 to require "financial institutions" to protect their customers' data. While traditional tax preparers aren't considered financial institutions, they do collect and warehouse private financial data and ARE subject to this rule.

Even though you "think" it may not apply to you, read on... It very well might.

See below for information from the following publication:

In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act

Protecting the privacy of consumer information held by "financial institutions" is at the heart of the financial privacy provisions of the Gramm-Leach-Bliley Financial Modernization Act of 1999. The GLB Act requires companies to give consumers privacy notices that explain the institutions' information-sharing practices. In turn, consumers have the right to limit some - but not all - sharing of their information.

Here's a brief look at the basic financial privacy requirements of the law.

Financial Institutions

The GLB Act applies to "financial institutions" - companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance. The Federal Trade Commission has authority to enforce the law with respect to "financial institutions" that are not covered by the federal banking agencies, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and state insurance authorities. Among the institutions that fall under FTC jurisdiction for purposes of the GLB Act are non-bank mortgage lenders, loan brokers, some financial or investment advisers, tax preparers, providers of real estate settlement services, and debt collectors. At the same time, the FTC's regulation applies only to companies that are "significantly engaged" in such financial activities.

The law requires that financial institutions protect information collected about individuals; it does not apply to information collected in business or commercial activities.

CPAs Exempt from Gramm-Leach-Bliley Act Privacy Notification Requirement

Press Release from the AICPA, Washington, DC, October 13, 2006—The President today signed a bill that exempts certified public accountants from the Gramm-Leach-Bliley Act’s requirement that CPAs send their clients an annual privacy notice. The exemption is effective immediately.

Tax preparers are, however, NOT currently exempt from the Security Rule of 15 U.S.C. Sec. 6801, which states:

(b) Financial institutions safeguards

In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards -

(1) to insure the security and confidentiality of customer records and information;

(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and

(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

Thank you George Toft from for bringing this to our attention.
