SharePoint
Tax Information

Privacy Act

The Gramm-Leach-Bliley Act of 1999 became effective on July 1, 2001.

NATP hears directly from the FTC regulators on the questions of compliance.

The Gramm-Leach-Bliley Act (the "Act") was signed by President Clinton in November, 1999. Section 504(a) of the Act requires the Federal Trade Commission to regulate the application of the Act to "financial institutions."  Tax preparers and other providers of financial services are included in the Act's definition of "financial institutions."  The FTC issued final regulations on March 24, 2000.  See 16 CFR Part 313.  July 1, 2001 is the effective date of the regulation. 

In a nut shell, the regulation requires tax preparers and other professionals who provide financial services, as sole proprietors or in firms, to provide all clients who they do business with after July 1, 2001 with notice of their privacy policy.  The privacy policy needs to be presented in a clear and conspicuous written form.  To define clear and conspicuous NATP consulted one of the two principle authors of CFR Part 313, Clarke Brinckerhoff, Attorney, Division of Financial Practices, Federal Trade Commission. 

We asked Mr. Brinckerhoff whether clear and conspicuous means that privacy policies must be presented to clients in a separate mailing dedicated to the policy or, alternatively, if inclusion of the appropriate policy in the text of a standard engagement letter, for instance, would be satisfactory.  Mr. Brinckerhoff stated that, "clear and conspicuous does not require a separate mailing.  If the privacy policy were included in a standard engagement letter I would advise that it be presented as a separate document, a separate page – even if it were a half page. 

How about including a privacy policy in a standard engagement letter as the closing paragraph? Mr. Brinckerhoff added, "we [FTC] recognize that the Act and our regulations may add administrative costs, but that is not necessarily so.  A distinct paragraph within a standard letter may also satisfy the clear and conspicuous rule.  Whatever form the notice is given it should be labeled as the practitioner's privacy policy.  The label is necessary to draw attention to the policy and distinguish the policy from other information that might be included in a communication like an engagement letter. The same policy language in the same letter, without the use of a heading, would not be clear and conspicuous. Those subject to the Act are required to draw attention to their privacy policy – that is the minimum."

On the one hand, a tax return preparer's compliance with the Act should be a very simple matter.  In Mr. Brinckerhoff's own words, "yes [the Act] is duplicative of privacy protections in many other context."  The tax code prohibits a preparer from divulging any client return information.  As Willie Lau, NATP New Jersey Chapter President, recently commented, "I don't share client information – even their name or address which is clearly not considered return information – with anyone outside my office.  That simply doesn't happen."  If this fairly describes your relationship with clients then we could recommend use of the following simple privacy policy statement,

    Privacy Policy

    "We do not disclose any non-public personal information about our customers or former customers to anyone, except as instructed to do so by such customers or as required by law.  We restrict access to non-public personal information to those professionals necessary to[brief description of service provided ] and we maintain physical, electronic, and procedural safeguards to guard your non-public personal information.

On the other hand, if your practice goes beyond the scope of tax return preparation or if you do routinely share return information such as name, address, and phone number (directory information) with affiliated financial service professionals, we would recommend a somewhat more expansive privacy policy statement.  I.R.C. Section 6713 prohibits any disclosure of return information, to include directory information, with non-affiliated third parties.

The significant difference, other than the broader disclosure represented below, is that the Act requires practitioners who do share information with "affiliated third parties" to present clients [referred to as customers by the Act] with the opportunity to "opt-out."  When a client opts-out the Act prohibits the practitioner from divulging any "non-public" information to even an affiliated third party for any purpose.  The Act will treat even directory information as "non-public."

    Privacy Policy

    "We do not disclose any non-public personal information about our customers or former customers to anyone, except as instructed to do so by such customers, or as required by law. Further exception is made with respect to directory information, limited to [describe directory information, e.g. name, address, and phone number], we may refer this information to an affiliated financial service professional where such referral is thought to be in your interest.  Please advise us if instead you would require us to hold all information, including basic directory information, confidential under any circumstance.  We restrict access to non-public personal information to those professionals necessary to [brief description of service provided] and we maintain physical, electronic, and procedural safeguards to guard your non-public personal information.

An entire copy of this federal Rule can be found as a pdf file (requiring Adobe Acrobat) at http://www.ftc.gov/os/2000/05/index.htm under May 24, 2000 at 16 CFR Part 313.

NATP Login

Email or Member ID:

Password:

PO Box 8002, Appleton, WI 54912-8002 Phone: 800.558.3402 Fax: 800.747.0001

eweb keepalive image