Quick Links
Hours
- Monday - Sunday 8:30AM - 11PM
Policies & Agreements
Get Connected
- New York, USA
- +012 3456789
- [email protected]
Effective Date: 2/8/2025
Last Updated: 2/8/2025
At Brendan CPA, we are committed to maintaining the confidentiality, security, and integrity of client information. As a licensed CPA in New York, we adhere to all applicable state and federal regulations, AICPA professional standards, and IRS data protection guidelines to ensure the highest level of privacy and security for our clients.
This Data Security & Confidentiality Policy explains how we handle, store, and protect sensitive client data, including tax, financial, and personal information.
We understand that as a CPA firm, we handle highly sensitive financial and tax-related information. We are legally and ethically bound to maintain strict confidentiality under:
New York State Accountancy Laws AICPA Code of Professional Conduct (Confidential Client Information Rule 1.700.001) IRS Data Protection and Circular 230 Regulations FTC Safeguards Rule & Gramm-Leach-Bliley Act (GLBA) for Financial Data Protection
We handle and protect the following categories of confidential client information:
Personal Information
Full name, address, phone number, email Social Security Number (SSN) / Taxpayer Identification Number (TIN)
Financial & Tax Information Income records, W-2s, 1099s, K-1s Tax returns, deductions, and credits Business financials, profit & loss statements Banking and payment details for tax filings or refunds
Client Communications & Documents Emails, phone calls, and consultation notes Documents uploaded via our secure client portal Any sensitive business or tax planning information
We use industry-leading security measures to protect all client data from unauthorized access, breaches, and cyber threats.
Encrypted Cloud Storage – All financial records, tax documents, and client files are stored in a secure, encrypted cloud server (ProConnect Tax). No Physical Copies – We do not store or print paper copies of client tax returns or financial documents. Secure Client Portal – Clients upload and retrieve documents via an encrypted client portal to prevent unauthorized access. Multi-Factor Authentication (MFA) – Required for accessing sensitive financial systems and tax preparation software. Restricted Employee Access – Only authorized personnel have access to client files, and access is logged and monitored.
We never share, sell, or disclose confidential client data except under the following circumstances:
Client Authorization – We may share tax returns or financial records only with written client consent (e.g., for loan applications, tax audits). Legally Required Disclosures – We may disclose information only when legally mandated, such as:
Third-Party Service Providers – We use trusted accounting platforms (e.g., ProConnect Tax, Intuit, Google Analytics) to enhance security, but we do not share client financial data for marketing or analytics purposes. Client Rights: Clients have the right to request a copy of their records, opt-out of certain data sharing, or dispute incorrect information.
We retain client records only for as long as legally required and securely dispose of data when it is no longer needed.
Data Retention Periods Tax Records: Stored for up to 7 years (per IRS & NY regulations). Financial Statements & Bookkeeping Records: Retained for at least 5 years. Client Communications & Consultations: Retained for up to 3 years, unless part of an ongoing service agreement.
Secure Data Disposal
As a client of Brendan [Last Name] CPA, you have the following rights:
Request Access to Your Records – You may request copies of your financial data and tax filings. Correct or Update Information – If you find inaccuracies in your data, we will correct them upon request. Opt-Out of Data Sharing – Clients may request not to have their data shared with third parties (except for legal or regulatory compliance). Request Deletion of Personal Data – Upon request, we will remove personal information unless legally required to retain it.
To exercise these rights, contact us at: [email protected]
In the rare event of a data breach or unauthorized access, we follow strict incident response protocols:
Security Incident Response Plan Immediate Investigation – If a breach is suspected, we conduct a forensic review. Client Notification – Affected clients will be notified within 72 hours, as required by law. Regulatory Reporting – If required, we report breaches to the IRS, NY State, and relevant authorities. Enhanced Security Measures – If an issue is detected, we implement stronger security protections immediately.
We strictly adhere to the following laws, regulations, and ethical standards:
New York State CPA Regulations (Title 8, Article 149 of NY State Education Law) AICPA Code of Professional Conduct (Confidential Client Information Rule 1.700.001) IRS Security Standards & Circular 230 Regulations FTC Safeguards Rule & Gramm-Leach-Bliley Act (GLBA) CCPA (California Consumer Privacy Act) – If applicable to clients from California
All personnel handling financial and tax data are trained on compliance and confidentiality obligations.
For questions regarding this Data Security & Confidentiality Policy, or to request data access or corrections, contact:
Email: [email protected]
By using our services, you confirm that you have read, understood, and agreed to this policy.
© 2025 – All Rights Reserved. Licensed – Certified – Insured