FTC Safeguards Rule Compliance – Is Your CPA and Accounting Firm Ready?

The FTC is mandating the implementation of new technologies and security controls to protect the SECURITY, CONFIDENTIALITY, AND INTEGRITY of customer information.

“Customer Information means any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”

All Accounting, Tax Professionals, Enrolled Agents, Wealth Management Advisors, and other financial institutions MUST Be Compliant By June 2023.

  • Fines range from $10,000 to $100,0000 per violation
  • Gross Breaches can result in up to 5 years in prison
    • Example: intentional abuse of protected information

3 Things You May be Wondering about the New FTC Regulations...

1. Is my CPA Firm Actually Impacted by the new FTC regulations?

Yes. According to the Code of Federal Regulations, § 314.2(h), the FTC requirements apply to your CPA Firm and compliance is required by June 9th, 2023.

2. Can’t this wait until later?

Unfortunately, no. The updated FTC regulations go into full effect on June 9th, 2023. All CPA Firms will be subject to regulations, penalties, and fines as of this date.

3. Are the new FTC Safeguards regulations complicated?

Ensuring your CPA Firm is up to speed on the new regulations is daunting without help. In fact, professional I.T. support is now mandated by the Safeguards Rule.

The IRS requires your business to have a written information security plan (WISP) in place as part of its PTIN renewal application. The WISP outlines how customer data will be used, stored, and shared, as well as procedures for responding to security incidents or breaches when they occur.

During the PTIN renewal process, tax preparers will notice it now states: “Data Security Responsibilities: I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information. Check the box to confirm you are aware of this responsibility.”

It is also important for businesses to train staff on proper data handling protocols so everyone is on the same page when protecting consumer information from unauthorized access or abuse. Additional items include data backup, anti-virus, drive encryption, and enabling multi-factor or two-factor authentication for your applications and for remote access such as VPN, LogMeIn, or Splashtop.

Compliance and cybersecurity best practices take time to plan, implement, and test; you should start the process sooner rather than later.

To learn more, watch this video or book a free FTC Strategy call today.

How will the new FTC Safeguards Rule impact California CPA Firms?

CPA Firms are in possession of critical consumer information, including access to customer names, addresses, tax information, credit card numbers, identifying business information, critical employee information, and other financial information, which are prime targets for hackers.

With the FTC’s Safeguards Rule deadline going into effect on June 9th, CPA Firms must have detailed procedures and specific criteria implemented to provide better protection and curb data breaches and cyber attacks that could jeopardize sensitive customer data.

While most CPA Firms anticipate needing external support to meet the Rule’s security obligations, evaluating a myriad of vendors and tools to meet different sets of requirements can add to the existing burden.

When you schedule a 1-on-1 Free FTC Safeguards meeting, you will receive a step-by-step guide on how to ensure that your firm is up to date on regulations and compliance while also taking the necessary steps to mitigate your risk of a cyberattack.

We often hear accountants and small business owners say:

“Our computers have anti-virus, our files are saved on the Cloud (OneDrive, Google Drive, Dropbox), and my applications (QuickBooks, Ultra Tax, Microsoft Office 365) are hosted. So we are good and safe. Plus we are too small and don’t have the budget.”

Many businesses depend on just anti-virus and the “Cloud” to protect them. Guess what? Things have changed: many businesses have people working from home, using personal devices and unprotected wireless networks, and this creates risk at a magnitude never previously imagined. The new risks are complex and constantly evolving. The old way of managing risk (a firewall, anti-virus, backup, and the cloud) does not cut it in the digital age of ransomware and cybercriminals. If you are seeing a bunch of pop-up messages, warning messages, or unwanted emails constantly appearing in your mailbox, you already have a problem. Chances are high that you’ve already been compromised. Can you answer YES to all these security measures:


After performing an assessment, eSudo provided me with multiple options to resolve my issue – all within budget.

eSudo Technology is a one-stop shop for all your IT needs including projects, technical issues and even back-filling when you are short

Rudy M,

Director of Information Technology
BioForm Medical, San Mateo, CA

Not Ready to Talk? Don't Worry, Take a Self-Assessment

Are you curious to know if your practice is ready for the latest FTC Safeguards requirements? It may be something you don’t think about every day, but slow, outdated systems and inadequate defenses create risks that result in costly fines and downtime and open doors for hackers or cyber criminals.

Let eSudo help you understand how well your IT infrastructure is working. We can help your business meet FTC Safeguards requirements. Start with our self-network security assessment or “PEN Test” to examine key areas of your practice: