Ready to Disclose How You Protect Your Clients' Privacy?

• Author: ALLEN, BRUCE

CalCPA recently learned that the federal Gramm-Leach-Bliley Act applies to CPAs who prepare federal or state tax returns for individuals. GLB requires that all non-business clients be informed of the privacy policies of a broad group of financial service providers (banks, tax preparation services, check cashing businesses, travel agencies affiliated with financial service providers, educational institutions that provide loans and others) with whom they have a customer (client) relationship.

WHO MUST COMPLY?

GLB was intended to apply to banks and other credit institutions that may have been abusing customer trust by selling or sharing personal information. However, the Federal Trade Commission regulations do include those who are "significantly engaged" in the preparation of federal or state personal tax returns, or who provide financial planning services.

In this context, significantly engaged essentially means that the service is provided for compensation. Individuals who prepare an occasional tax return without charge for a relative are not required to provide the relative with a privacy disclosure notice.

WHAT MUST BE DISCLOSED?

The FTC regulations implementing this act require disclosure of specific information to nonbusiness clients. Disclosures are not required for clients that are businesses. These requirements are currently in effect and compliance is mandated by July 1, 2001. Qualifying CPA firms must notify clients by that date of their privacy policy.

Under the regulations, one-time or initial disclosures are required for all new and existing clients. Disclosures are to be made every 12 months thereafter to all clients. The disclosure must be a clear and conspicuous notice, written in plain language that accurately reflects the provider's privacy policy and practices. There is no requirement that the communication be sent as a separate mailing.

These disclosures are required even though California law specifically prohibits the disclosure or use of tax return information for any purpose other than that for which it was provided without the advance written consent of the taxpayer. Under the FTC rules, even those who are prohibited by law from sharing information, are required to notify their clients of the kinds of personal information they collect and the fact that they are prohibited by statute from sharing that information.

There is no required form for this notice, but it must include the following information:

* The...