IRS Adds Security Requirement to W-12 PTIN Application and Renewal Form

minute read

Last Updated September 1, 2023


The IRS recently released the updated W-12 (PTIN Application Renewal) form and one of the questions that preparers will need to take note of is #11-Data Security Responsibilities which states:

“As a paid tax return preparer, I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information. Check the box to confirm you are aware of this responsibility.” 

Security responsibility and resources are outlined in IRS Publication 4557-Safeguarding Taxpayer Data and IRS Publication 5293-Data Security Resource Guide for Tax Professionals.


“Protecting taxpayer data is the law” according to IRS Publication 4557 which states that tax preparers must create and enact security plans to protect client data and online filers must comply with the “Security Six”  and privacy standards set in IRS Publication 1345-Handbook for Authorized IRS e-File Providers of Individual Income Tax Returns.  The Security Six refers to the use of anti-virus software, firewalls, multi-factor authentication, backup software/services, drive encryption and virtual private networks as outlined in the IRS’s publication: “Tax Security 2.0.”


To create a written data security plan the IRS provides guidance in Publication 4557 as well as recommending the National Institute of Standards and Technology document on “Small Business Information Security-The Fundamentals.”


Publication 4557 states that tax preparers must be able to understand basic security steps and how to take them, recognize the signs of data theft and how to report a theft, be able to respond and recover from a data loss and understand and comply with the FTC Safeguards Rule.  Tax preparers must also learn to recognize phishing emails, utilize security software, and generally be able to work safely on the Internet as outlined in the guide. It is recommended that all firms assign a tax person to work with the firm’s internal information technology personnel and an outsourced information security provider to get the firm in compliance with these IRS regulations.


This article was originally published for CPA Practice Advisor. Copying or distribution without the publisher’s permission is prohibited.

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.