Federal and state privacy laws require financial and tax professionals to safeguard the personal information of their clients. And the clients themselves need to know that you implement the highest degree of caution to protect the sensitive information they share with you. Therefore, besides a robust security plan for safeguarding digital data, it’s critical to have well-defined security procedures for physical documents for your Pennsylvania accounting practice.
Handling of Physical Documents
Keep all of your clients’ physical documents under lock and key at all times when you are not actively working with them. If you step away from your desk, return them to the locked location. Maintain clear policies regarding which members of your staff have access to the locked storage. Have a gatekeeper of documents rather than giving everyone access. The locked location should also be fireproof.
Do not throw documents in the trash. Once the trash goes out, its contents are available to the public. Any papers that must be discarded should go into a locked bin until destroyed.
The safest way to send your mail is by handing it directly to the postal carrier or delivering it to the post office. This will eliminate any chance of identity theft while the mail is waiting to be picked up.
The IRS has up to six years to audit tax returns; therefore, most information should be retained for seven years, although some documents can be shredded earlier. Pay stubs and monthly brokerage statements can be destroyed once they have been checked against W-2s, 1099s, and yearly statements. Document shredding is the easiest and safest way to destroy sensitive documents.
If you have a small practice and feeding papers one at a time through an office shredder isn’t too time-consuming for you, you may choose to do this. Otherwise, you may want to consider a shredding service.
HIPAA has data destruction requirements, including proof of compliance. Shredding services offer their clients certificates of destruction, providing you with evidence of compliance and your clients with confidence in the safety of their documents.
Time is money. Having your staff run paper through the office shredder is probably not cost-efficient.
Shredding services provide locked bins in which you keep the documents to be shredded until the service comes to your site to perform the shredding. On-site service ensures that your clients’ personal information never gets into the hands of a third party without your supervision.
Besides educating and training your staff on security protocols for digital data and physical documents, communicate your safeguards to your clients to enhance your professional reputation and instill in them greater confidence in the safety of their sensitive information. Your security policies will not only protect you from legal issues due to non-compliance or data breaches, but they will also strengthen your client relationships while helping to build your practice.