Who’s covered by the FTC Safeguards Rule?

The FTC Safeguards Rule serves to safeguard consumers’ sensitive personal information held by financial service firms.

This mandate extends to Certified Public Accountants (CPAs) who handle such data during their professional services.

Adhering to the FTC Safeguards Rule not only protects consumers’ privacy, but also fosters trust in the CPA profession by ensuring the security of client information.

CPAs are required to establish and maintain comprehensive information security programs to ensure the confidentiality and integrity of client information.

This includes protecting data such as financial records, tax returns, and other confidential documents from unauthorized access or disclosure.


Accountant or Tax Preparation Service

What does the Safeguards Rule require companies to do?

Safeguards designed to protect customer information

What Customer Information needs to be protected?

“any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”

Your information security program must be written and it must be appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information at issue.


What are the requirements of “Information security program”?

7 elements that your company’s information security program must include:

Designate a Qualified Individual (QI) to implement and supervise an information security program. The QI may be an MSSP.
Regularly monitor and test the effectiveness of your safeguards.
Design and implement safeguards to control the risks identified through your risk assessment.
Require your Qualified Individual to report to your Board of Directors.
Keep your information security program current.
security awareness training
Keep your information security program current.
Create a written incident response plan.
IRS WISP Guide

Find out how Cyber Gryphon can help you become compliant, inexpensively!