Tax preparation service TaxSlayer LLC Aug. 29 settled FTC claims of failing to implement adequate security procedures to protect client information.
The Federal Trade Commission charged that the Evans, Ga.-based private company violated the Gramm-Leach-Bliley Act’s (GLB) Safeguards Rule and Privacy Rule by not implementing provisions “to protect the security, confidentiality, and integrity of customer information,” and by not delivering “privacy notices to customers.”
The enforcement action reinforces the FTC’s continuing, active role in overseeing GLB compliance. The GLB Act authorized the FTC to issue the Safeguards Rule, which requires financial institutions to secure customer data, and the Privacy Rule, which requires companies to inform customers of the financial institution’s privacy policies. The FTC says it has brought nearly 30 cases under the Safeguards Rule.
The no-fault settlement stems from FTC claims that hackers were able to get access to 9,000 customer accounts from Oct.-Dec. 2015. The hackers used the stolen information “to obtain tax refunds by filing fraudulent tax returns,” the FTC said in its complaint.
A TaxSlayer spokesperson told Bloomberg BNA Aug. 29 that the company “reacted instantly and self-reported the attack to the IRS and took immediate remediation efforts.” Since the hack “that was aimed at less than one percent of” customers, TaxSlayer has “implemented increased security procedures and stricter authentication requirements,” the spokesperson said.
Despite TaxSlayer’s remediation efforts, the FTC decided to take action, continuing its focus on consumer data security and privacy enforcement.
Tom Pahl, acting director of the FTC’s bureau of consumer protection, said in an Aug. 29 statement that “it’s critical” for tax preparation services to “implement appropriate safeguards to protect” client information. TaxSlayer failed to “have an adequate risk assessment plan, and hackers took over user accounts and committed identity theft,” he said.
Under the terms of the no-fault settlement, TaxSlayer must conduct biennial, third-party assessments to ensure compliance with federal privacy and financial services laws.
TaxSlayer must show in each assessment that it implements “administrative, technical, and physical safeguards;” explains how the “safeguards are appropriate” to the company’s size and sensitivity of customer data; shows that the safeguards “meet or exceed” required protections; and certifies that the program provides “reasonable assurances that the security, confidentiality, and integrity of personal information is protected.”
If the company fails to abide by the consent agreement in the next 20 years, it could face federal court action to enforce the order.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Text of the no-fault settlement is available at http://src.bna.com/r4X.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.