FTC Safeguards Rule Compliance – Is Your CPA and Accounting Firm Ready?

The FTC is mandating the implementation of new technologies and security controls to protect the SECURITY, CONFIDENTIALITY, AND INTEGRITY of customer information.

“Customer Information means any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”

All Accounting, Tax Professionals, Enrolled Agents, Wealth Management Advisors, and other financial institutions MUST Be Compliant By June 2023.

  • Fines range from $10,000 to $100,0000 per violation
  • Gross Breaches can result in up to 5 years in prison
    • Example: intentional abuse of protected information

3 Things You May be Wondering about the New FTC Regulations...

1. Is my CPA Firm Actually Impacted by the new FTC regulations?

Yes. According to the Code of Federal Regulations, § 314.2(h), the FTC requirements apply to your CPA Firm and compliance is required by June 9th, 2023.

2. Can't this wait until later?

Unfortunately, no. The updated FTC regulations go into full effect on June 9th, 2023. All CPA Firms will be subject to regulations, penalties, and fines as of this date.

3. Are the new FTC Safeguards regulations complicated?

Ensuring your CPA Firm is up to speed on the new regulations is daunting without help. In fact, professional I.T. support is now mandated by the Safeguards Rule.

Compliance and Cybersecurity best practices take time to plan, implement and test; you should be starting the process sooner rather than later.  

To learn more, watch this video or book a free FTC Strategy call today.

How will the new FTC Safeguards Rule impact California CPA Firms?

CPA Firms are in possession of critical consumer information, including access to customer names, addresses, tax information, credit card numbers, identifying business information, critical employee information, and other financial information, which are prime targets for hackers.

With the FTC’s Safeguards Rule deadline going into effect on June 9th, CPA Firms must have detailed procedures and specific criteria implemented to provide better protection and curb data breaches and cyber attacks that could jeopardize sensitive customer data.

While most CPA Firms anticipate needing external support to meet the Rule’s security obligations, evaluating a myriad of vendors and tools to meet different sets of requirements can add to the existing burden.

When you schedule a 1-on-1 Free FTC Safeguards meeting, you will receive a step-by-step guide on how to ensure that your firm is up to date on regulations and compliance while also taking the necessary steps to mitigate your risk of a cyberattack.

We often hear accountants and small business owners say:

"Our computers have anti-virus, our files are saved on the Cloud (OneDrive, Google Drive, Dropbox), and my applications (QuickBooks, Ultra Tax, Microsoft Office 365) are hosted. So we are good and safe. Plus we are too small and don't have the budget."

As a tax preparer or CPA, Form W-12 requires you to check off the box confirming that you have data security in place to protect your clients' sensitive data.

Many businesses depend on just anti-virus and the "Cloud" to protect them. Guess what? Things have changed. Many businesses have people working from home, using personal devices and unprotected wireless networks; this creates risk at a magnitude never previously imagined. The new risks are complex, and they are constantly evolving. The old way of managing risk (a firewall, anti-virus, backup, and the cloud) does not cut it in the digital age of ransomware and cybercriminals. If you are seeing a bunch of pop-up messages or warning messages, or unwanted emails constantly appearing in your mailbox, you already have a problem. Chances are high that you've already been compromised. Can you answer YES to all these security measures:

  • Are you prompted for a verification code or multi-factor authentication on your phone when you log in to your business email or network?
  • Are your staff trained on security and participating in ongoing simulated phishing attacks?
  • Are your computer drives and files encrypted?  Are you sending sensitive files using encrypted email?
  • Have you had regular risk assessments or "penetration testing" conducted by a third party?


Rudy Marrujo

After performing an assessment, eSudo provided me with multiple options to resolve my issue – all within budget.

eSudo Technology is a one-stop shop for all your IT needs including projects, technical issues and even back-filling when you are short ...

Rudy M,
Director of Information Technology
BioForm Medical, San Mateo, CA

Don't Worry, We Can Help!

Are you curious to know if your practice is ready for the latest FTC Safeguards requirements? It may be something you don't think about every day, but slow, outdated systems and inadequate defenses create risks and result in costly fines, downtime, and open doors for hackers or cyber criminals.

Let eSudo help you understand how well your IT infrastructure is working. We can help your business meet FTC Safeguards requirements.  Start with our network security assessment or "PEN Test" to examine key areas of your practice:

  • Test your network perimeter defense
  • Is your security patch and vulnerability management current?
  • Discover whether you are using encryption
  • Learn if your staff is using stale, repeated or crackable passwords for accounts on your network
  • And much, much more.

Dave N.

If you are contemplating outsourcing your IT function, or if your current service provider is not cutting the mustard, you should have a friendly chat with eSudo. You won’t regret it!

A few years back, I had a very good experience with the founder of ...

Dave N,
Finance Controller
PerceptiMed, Inc

Book FREE FTC Strategy Call 

Schedule a Free Compliance Strategy Session today and find out how to navigate this new security obligation.



