IRS Releases Part 4 and 5 of a Five-Part Security Summit Tips for Tax Professionals during COVID-19

This article wraps up the last of the ​Security Summit’s​ five-part series called Working Virtually: Protecting Tax Data at Home and at Work. ​As a refresher, the Security Summit is made up of the Internal Revenue Service (“IRS”), state tax agencies, and private-sector tax industry officials. The impetus for releasing this five-part series was to equip ​tax practitioners with specific strategies to assess and secure their home and office data, due to the fact that many tax professionals are not working from home.​ ​This article explains the fourth and fifth tips that the Security Summit issued. The fourth tip reminds tax practitioners to be alert of and avoid phishing scams. The fifth tip reminds tax professionals that federal law requires them to have a written information security plan. The Security Summit further recommends that practitioners create an emergency response plan if they experience a data theft.

Tip 4: Avoiding Phishing Scams
What should tax practitioners be on the lookout for to spot potential phishing scams? First, phishing emails can have an urgent message. For example, cybercriminals can send an email impersonating human resources or an administrator asking for the recipient to update their password or other personal information by clicking on a link. The link will then take the individual to a fake site that feigns the appearance of a trusted source requesting them to insert personal information. Or, the email could contain an attachment for the recipient to click on that instead downloads malware on their computer. Now cybercriminals are capitalizing on COVID-19 fears ​by presenting themselves as providers of face masks or personally protective equipment in short supply. Tax professionals should beware of emails from criminals posing as potential clients. Tax practitioners should thus stay vigilant in scanning all emails and urge on the side of caution rather than clicking on any email attachment or any link in an email. When in doubt, taxpayers and tax preparers can forward suspicious emails posing as the IRS to phishing@irs.gov.

Lastly, because phishing scams are commonplace, and often successful, the Security Summit urges tax professionals to educate all office personnel about the dangers and risks of opening suspicious emails – especially during the COVID-19 period.

Tip 5: Make a Plan for Protecting Data and Reporting Theft
The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley ACT, requires that tax professionals have a written security plan in place to safeguard their client’s tax data. This federal law is administered and enforced by the Federal Trade Commission (“FTC”). The FTC underscores that a tax preparer’s security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. Therefore, a security plan for a solo tax practitioner would differ from a global firm’s security plan. On the other hand, the FTC does have requirements that apply to all tax companies, irrespective of their size and complexity.

Each tax institution must:
● Designate one or more employees to coordinate its information security program;

● Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate its effectiveness of the current safeguards for controlling these risks;

● Design and implement a safeguards program, and regularly monitor and test it;

● Select service providers that can maintain appropriate safeguards, making sure the contract requires them to maintain safeguards, and oversee their handling of customer information; and

● Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

Failure to have a data security plan may result in an FTC investigation. The IRS may also treat a violation of the FTC safeguards rule as a violation of the IRS Revenue Procedure 2007-40 which stipulates the rules for tax professionals participating as an Authorized IRS e-file Provider.

On July 10, 2019, the IRS created this ​youtube video​ to reiterate that all tax preparers must have a written security plan. The video also reiterates the basic requirements for how tax preparers can safeguard taxpayer data. And, as an additional tool, you can revisit the “Taxes-Security-Together” Checklist​ the Security Summit rolled out during the 2019 summer as a starting point for analyzing office data security. You can also look at IRS ​Publication 4557, Safeguarding Taxpayer Data (PDF)​, which details critical security measures that all tax professionals should enact. Finally, the Security Summit noted that the FTC is currently re-evaluating the Safeguards Rule and has proposed new regulations. Therefore, tax preparers should be alert to any changes in the Safeguards Rule and its effect on the tax preparation community.

Creating a Data Theft Response Plan; Report Data Thefts to the IRS
The Security Summit also recommends that all tax practitioners create a response plan so that they have steps in place should they experience a data theft. If a client or the tax firm are the victim of data theft, the Security Summit states that they should immediately:

● Report it to the ​local IRS Stakeholder Liaison​. ​Stakeholder Liaisons will notify IRS Criminal Investigation and others within the agency. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients’ names and will assist through the process.

● Email the Federation of Tax Administrators at statealert@taxadmin.org. ​Get information on how to report victim information to the states. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.

Cyber attackers could also steal a tax practitioner’s identity too. Tax practitioners should
regularly check their IRS e-Services e-File Application to see a weekly count of tax returns filed with their Electronic Filing Identification Number (“EFIN”). Excessive filings are a sign of data theft. E-file applications should also be kept up to date. Circular 230 practitioners also can review weekly the number of tax returns filed using their Preparer Tax Identification Number (“PTIN”). Excessive filings are also a sign of data theft.

As always, tax professionals should take advantage of the additional resources the IRS provides related to security recommendations and questions in ​Publication 4557 Safeguarding Taxpayer Data​ (PDF), as well as the National Institute of Standards and Technology (NIST’s) Small Business Information Security: The Fundamentals​ (PDF).

VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us

Federal Trade Commission To Evaluate Endorsements and Testimonials in Advertising

On February 12, 2020, the Federal Trade Commission (“FTC”) announced that it is seeking public comment regarding endorsements and testimonials in advertising, including those on consumer review websites. The FTC is interested in learning about the connections between the endorser, reviewer, the underlying business, and the medium in which the endorsement is posted.

The FTC is charged with enforcing the Endorsement Guides, as enacted in 1980 and amended in 2009. The Guides provide rules for businesses and other organizations to follow when using endorsement and testimonial advertising, including a requirement to disclose material connections of the endorser. The intent is to ensure that the consumer understands the connections in order to properly evaluate the credibility of the endorsement and testimonial. Based on the evolution of technology, the FTC is particularly concerned with the use of consumer review websites and whether they properly disclose the various connections and incentives.

The FTC is accepting comment from the public regarding these rules and, based on statements from commissioners on the rise of influencers and fake reviews, this could be an area that the FTC decides to revise rules and have stricter enforcement. For businesses and organizations that use consumer reviews and endorsements as a form of advertising, this is the time to ensure that the advertising and marketing efforts comply with the Guides.

VW Contributor: Alex Rainville
© 2020 Vandenack Weaver LLC
For more information, Contact Us

CBD Sellers Beware: FTC Issues Warnings on CBD Marketing Practices

By Ryan Coufal

On September 10^th, 2019 the Federal Trade Commission (“FTC”) sent warning letters to three companies that sell oils, tinctures, capsules, “gummies,” and creams which contain cannabidiol (“CBD”), a chemical compound derived from the cannabis plant.  While the FTC did not identify the companies publicly, the letters warn that it is illegal to advertise a product that can prevent, treat, or cure human disease without reliable scientific evidence to support such claims. 

The companies’ websites claim that CBD products “’work like magic’ to relieve ‘even the most agonizing pain,’” are a “miracle pain remedy,” and are highly effective at treating “the root cause of most major degenerative diseases.”  The websites then promote that CBD treats a whole host of diseases including: cancer, Alzheimer’s disease, multiple sclerosis (MS), fibromyalgia, cigarette addiction, colitis, autism, anorexia, bipolar disorder, post-traumatic stress disorder, schizophrenia, anxiety, depression, Lou Gehrig’s Disease (ALS), stroke, Parkinson’s disease, epilepsy, brain injuries, diabetes, Crohn’s disease, psoriasis, AIDS, arthritis, and heart disease, with one of the websites even stating the treatment is “clinically proven.” 

In its letters the FTC instructs the companies to review all claims made about their products, including consumer testimonials, to ensure such claims are supported by competent and reliable scientific evidence.  Making such unsubstantiated claims can be in direct violation of sections of the FTC Act, 15 U.S.C. §§ 45(a) and 52, which regulate advertising.  Additionally, such claims can violate the Federal Food, Drug, and Cosmetic Act (FDCA), 21 U.S.C. § 321(g)(1)(B) which is regulate by the U.S. Food and Drug Administration (FDA).  On March 28, 2019 the FTC and FDA jointly sent similar warnings to three different CBD companies about their marketing practices, with the FDA taking the stance that such marketing practices are evidence that CBD products are intended to be used as drugs, which require extensive testing and FDA approval before marketing the products in such a manner.  Making a claim that CBD is a drug that can cure disease when it has not been approved by the FDA could create the potential for violation of the FDCA.

The FTC gave the latest three companies fifteen (15) days to notify the agency of the specific actions they have taken to correct the agency’s concerns.  Companies that sell CBD products should take note of the marketing practices the FTC and FDA are regulating and review all claims made about their CBD products and ensure they are backed by reliable and competent scientific evidence, and ensure they are not marketing CBD products as drugs under the FDCA.

© 2019 Vandenack Weaver LLC
For more information, Contact Us

 

 

 

IRS Warns Taxpayers About Recent Phone Scam

The Internal Revenue Service (“IRS”) recently warned taxpayers that an aggressive phone scam that targets taxpayers, often senior citizens, is making rounds throughout the country and costing taxpayers millions of dollars and their personal information. The callers are con artists who claim to be IRS employees. The caller tells the victim taxpayer that the taxpayer owes money to the IRS and threatens the taxpayer with legal action if he or she refuses to pay. The caller often demands immediate payment with a prepaid debit card, gift card, or wire transfer.

The callers often alter caller IDs to make it look like the IRS is the true caller, know information about their victims, use fake names and IRS identification badge numbers, and leave urgent callback requests. Similarly, callers may tell taxpayers they have a refund due, in an attempt to trick taxpayers into sharing private information.

The IRS reminded taxpayers the IRS will never do any of the following:

• call to demand immediate payment using a specific payment method,
• threaten to immediately bring legal action against a taxpayer who refuses to pay,
• demand that a taxpayer pay taxes without providing the taxpayer the opportunity to question or appeal the amount the IRS claims the taxpayer owes,
• ask for credit or debit card numbers over the phone.

he IRS also reminded taxpayers it will work with private collection agencies for the collection of certain tax debts this year. However, the IRS reported that if a private agency calls, there will not be any threats or immediate payment demands and the call will typically occur only after the agency has mailed the taxpayer a notification about the debt.
The IRS urges taxpayers to protect their personal information at all times and to report scam calls to the IRS, the Federal Trade Commission, or the Treasury Inspector General for Tax Administration.

© 2017 Vandenack Weaver LLC
For more information, Contact Us

Annual HSR Act Threshold Increases Announced

By M. Tom Langan, II

The Federal Trade Commission recently announced its annual increases to the Hart-Scott Rodino Act filing thresholds.  The new numbers went into effect on February 25, 2016.  Under the new thresholds, acquisitions of $78.2 million or less are not reportable.  Transactions above this amount may be reportable depending on other conditions.

For the complete set of numbers, please see Revised Jurisdictional Thresholds.

© 2016 Vandenack Williams LLC
For more information, Contact Us