Small and Medium Certified Public Accountants (CPAs) and Licensed Tax Preparers struggle with the cost and complexity of complying with state and federal data security regulations for Taxpayer data.  The IRS describes these requirements in Publication 4557 – Safeguarding Taxpayer Data.   Moreover, regulations to protect client data now extend beyond the IRS. In 2021 the Federal Trade Commission (FTC) updated its Safeguards Rule which requires that tax preparers must create and enact written information security plans to protect client data. Failure to do so may result in an FTC investigation.  The IRS also may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider. The Gramm-Leach-Bliley (GLB) Act also requires companies defined as “financial institutions” to ensure the security and confidentiality of this type of information. The “financial institutions” definition includes professional tax preparers.

These regulations not only make safeguarding data within the firm complex, but also make client communication an even bigger challenge. Small and independent Tax Professionals thus frequently face a conundrum: deploy expensive systems or forgo compliance and assume a substantial financial risk.

PreVeil for CPA and Tax Preparers:

PreVeil is an integrated, cloud based, encrypted email and file sharing system used extensively by defense organizations for compliance that offers small CPA and Tax firms the same security benefits while also being easy to deploy, use and affordable. It enables these firms to adopt encryption — the highest standard of data security -to store and conveniently share data with clients and within their own organization. With PreVeil, Tax and CPA firms can achieve and demonstrate broad compliance with the key data security and privacy objectives of the IRS, FTC and GLB:

  1. Ensure the confidentiality, integrity, and availability of client data they create, receive, maintain, or transmit, preferably using encryption.
  2. Identify and protect against threats to the security or integrity of the information.
  3. Protect against reasonably anticipated, impermissible uses or disclosures.
  4. Ensure compliance by their workforce.

 

PreVeil Email enables firms and their clients to send and receive end to end encrypted messages using their existing email address. PreVeil does not impact the existing email service and seamlessly integrates with a preparer’s Microsoft Outlook, Gmail, and Apple Mail for a familiar user experience. It also works in browsers and mobile apps for Apple and Android devices. PreVeil offers strong protection against phishing scams because it can be set up to restrict communication only to authorized users. Emails can even be automatically encrypted if their subject lines indicate they contain Tax data. If recipients don’t have a PreVeil account, they can establish one for free in minutes, making it simple for clients and 3rd parties to adopt.

 

PreVeil Drive is an encrypted file synchronization, storage and sharing system very similar in functionality to OneDrive, Google Drive or Dropbox. However, unlike those, it is fully end-to-end encrypted and can be used to securely share files and folders containing client tax data. It is designed to be impervious to costly Ransomware attacks.  Drive supports granular access permissions such as Read only or Edit & Share. Shared data can even be revoked to mitigate 3rd party risk. Preparers benefit from a simple workflow because Drive can be seamlessly integrated with Windows Explorer or Mac Finder for a familiar experience.  Clients can conveniently access both their secure email and files on computers as well as their mobile devices.

 

PC Magazine has awarded PreVeil its Editors’ Choice for Best Encrypted Email and Filesharing system for security and ease of use, four years in a row.

 

Benefits:

Meet Client Data Security and Privacy Requirements using Encryption:

PreVeil uses end-to-end encryption, the gold standard of data security to protect data. This technology ensures that only the sender and recipients can access data, no one else, not even PreVeil. Encryption renders even successful attacks on servers useless because client data is always indecipherable. PreVeil accounts are also impervious to password attacks because it uses unbreakable encryption keys to grant access. It’s also designed so even an attack on an IT administrator will not reveal data. These default security capabilities, in conjunction with PreVeil’s administrative features enable preparers to demonstrate they meet the four key best practices for data security and privacy, namely:

  • Access Control. PreVeil enables providers to limit access to tax data to only authorized persons and devices.
  • Audit Controls. PreVeil creates immutable, cryptographic audit logs that record access and other activity, including changes made to tax data.
  • Integrity Controls. Firms can prove that data has not been improperly altered or destroyed because whenever any changes are made to a file, Drive creates a new cryptographically verifiable version of the changes. This capability also ensures that data is protected from Ransomware attacks.
  • Transmission & Storage Security. Tax data is always encrypted while it is being transmitted over an electronic network or stored on cloud servers to prevent unauthorized access.

Mobile and Multi-device Access

PreVeil’s Email and Drive can be accessed from any of the users’ mobile devices and computers. PreVeil is available as an elegant, encrypted, free app for iOS and Android phones and tablets.. provides easy access to sensitive data Not only does this make it greatly convenient for clients and providers but also it solves the challenging security and encryption requirements for Tax data on mobile devices since those capabilities are built in by default.

Simple Deployment

PreVeil can be deployed alongside an organization’s existing Office 365, Exchange or GSuite infrastructure without any impact to those systems. While the system is designed for self-deployment, PreVeil’s support team can help set up an organization and train users in an hour.

Affordability and Free Client Accounts

Providers deploy PreVeil using a low-cost, all-inclusive License that costs $20/month and includes both secure email and files. Clients and others typically access for free by taking advantage of PreVeil’s Express accounts resulting in 75% savings compared to those from large providers.

Data Breach Notification and Recovery Benefits

Breaches are very expensive to address and recover from. In the event of a Data Breach, tax preparers are required to notify clients, the IRS and FTC.  However, since the data stored within PreVeil is always encrypted and thus indecipherable to attackers, organizations can save significant expense and reputation damage associated with breach notification.

Futureproof Compliance

The PreVeil service’s extensive use by defense organizations require it to maintain compliance credentials that exceed IRS and FTC requirements. This means that as requirements to protect financial and tax data inevitably evolve, preparers can remain confident they are keeping up. PreVeil is independently audited to comply with the Federal Government’s Risk and Authorization Management Program (FedRAMP Moderate), for cloud services as well as FIPS 140-2 Encryption standards. The service is also used to meet NIST 800-171 and ITAR security standards for storing, sharing, and exporting sensitive military data. We provide documentation and third-party audit reports to customers as evidence of compliance.

 

Get a free quote to learn how PreVeil can be the foundation of a preparer’s Information Security Plan.  It’s end-to-end encryption plus email and file functionality puts it at the core of protecting client communications and data. These capabilities offer Tax Professionals a simple path to compliance and protection from cascading financial damages from data breaches.