top of page

Securing Taxpayer Data: Strategies for Tax Prep Companies to Build Client Trust

Updated: Apr 15

This guest blog was contributed by Narayana Pappu, CEO at Zendata

Narayana Pappu, CEO at Zendata

Many Americans are turning to online tax filing services to simplify the process and avoid the hassle of paperwork. While these services offer convenience, they often come with a hidden cost: your personal and financial data. In recent years, major tax preparation companies have been accused of misusing sensitive client data for financial gain. From the unauthorized sharing of personal information to the exploitation of user data for targeted advertising, these breaches of trust have left many taxpayers feeling vulnerable and wary of handing over their most confidential financial records.

This article will explore some of the actionable strategies tax prep companies can implement to rebuild confidence in their clients and demonstrate their commitment to protecting client data.

First and foremost, tax prep companies must be vigilant about controlling access to confidential data and enforcing the principle of least privilege to ensure only authorized individuals can view or handle it - but it can't stop there. Advanced access management systems can take this a step further by adjusting permissions based on factors like  location, device security posture, and the sensitivity of the accessed data. This helps minimize the risk of unauthorized access, whether from bad actors or employees who may inadvertently view information they shouldn't. Equally important is the ongoing monitoring and adjustment of access rights. As employees' roles change, get promoted, or complete projects, their permissions must be updated to reflect the needs of their current role. Failure to do so can result in sensitive data being exposed to the wrong people. 

Beyond access controls, companies must consider the risks posed by emerging technologies like AI. AI has introduced a new level of sophistication to social engineering attacks and identity fraud scams targeting taxpayers. Tax prep companies must ensure their employees are extensively trained on the latest AI-enabled attack techniques, ensuring they know how to identify and shut down these attempts. It is also vital that tax professionals know how to properly collect clients’ financial information, utilizing approved company portals with encryption, rather than via phone or email. 

It is also essential for tax prep companies to have a comprehensive data backup strategy in place. All taxpayer financial data should be regularly backed up to secure off-site storage, as storing local copies of this sensitive information can increase the risk of a data breach or loss. Once tax season is complete, companies should implement a data retention and deletion process to remove any unnecessary taxpayer data from their systems to minimize exposure and reduce the potential impact of a data breach.

Additionally, tax companies should pay close attention to the risks posed by temporary workers, who are often hired during this peak season. While these companies may have stringent data security policies and training in place, temporary workers may not be a part of training sessions or informed of these protocols. With access to sensitive financial information, these workers could inadvertently (or sometimes intentionally) compromise client data. To prevent this, tax prep companies should ensure temporary workers undergo thorough background checks, receive comprehensive training, and are granted access only to the information necessary for their roles.

Finally, tax preparation companies should make transparency a priority, and clearly communicate their data privacy protocols. Taxpayers deserve to know exactly how their personal information will be collected, stored, and used. With this, taxpayers have a responsibility to conduct thorough research when selecting a tax preparation service. While these companies do have a duty to protect their clients’ data, they may not have the best policies in place.  By researching the companys’ data privacy practices, asking questions, and choosing services that have a  demonstrated commitment to security, taxpayers can take an active role in protecting their personal information.

Ultimately, the safety of client day is not only a responsibility for tax prep companies, but it is the law. Unfortunately, breaches do happen and in the event that it does, it is important that these companies are prepared. By implementing the proper tools, offering (and requiring) ongoing training, and prioritizing transparency, tax preparation companies can ensure the safety of their clients’ data, and instill confidence in their clients, leading to incredible business outcomes.


bottom of page