
In today’s digital-first world, accounting firms are under increasing pressure to protect sensitive client data. With new federal and state regulations taking effect, the stakes have never been higher. Whether you’re a solo practitioner or a multi-partner firm, failing to comply with these laws could result in steep fines—or worse, a loss of client trust.
Here’s what you need to know about the latest cybersecurity requirements and how CompassLane can help you stay ahead of the curve.
📍 Washington State’s New Data Breach Notification Law
Washington’s updated RCW 19.255.010 mandates that any business handling personal information must notify affected residents—and the Attorney General—within 30 days of discovering a data breach. Personal information covered by the law includes:
- Names combined with Social Security numbers, driver’s license numbers, or financial account details.
- Login credentials, even if encrypted, if the encryption key was also compromised.
Notifications must be written in plain language and include the breach timeline, the types of data affected, and contact information.
Key takeaway: If your firm experiences a breach affecting more than 500 Washington residents, you must notify the Attorney General and provide a sample of the consumer notice.
🛡️ IRS Requirements: Tax Security 2.0 & Written Security Plans
The IRS, in collaboration with state tax agencies and industry partners, has released the Tax Security 2.0 Checklist—a must-follow guide for all tax professionals. Highlights include:
- Implementing the “Security Six”: antivirus software, firewalls, two-factor authentication, backup systems, drive encryption, and VPNs.
- Creating a Written Information Security Plan (WISP)—not optional, but required by law.
- Educating staff on phishing, ransomware, and signs of client data theft.
- Developing a data theft recovery plan and contacting the IRS immediately if a breach occurs.
IRS Publication 5708 provides a detailed WISP template, including risk assessments, hardware inventories, and breach response protocols.
🔐 FTC Safeguards Rule: What It Means for Your Firm
The FTC Safeguards Rule, updated in 2021, applies to most accounting firms—especially those handling more than 5,000 consumer records. Under this rule, firms must:
- Designate a Qualified Individual to oversee cybersecurity.
- Conduct a written risk assessment and implement technical, administrative, and physical safeguards.
- Use multi-factor authentication, encrypt sensitive data, and monitor access logs.
- Develop an incident response plan and assess third-party service providers.
Non-compliance penalties can reach up to $100,000 per violation, with firm leaders personally liable for up to $10,000.
✅ Not Sure If You’re Compliant?
Cybersecurity compliance isn’t just about checking boxes—it’s about protecting your clients, your reputation, and your business.
👉 Take our free Cybersecurity Audit to see if your firm meets the latest federal and state requirements.
Compass Lane is here to help accounting firms navigate the complex world of cybersecurity compliance. From WISP development to breach response planning, we provide the tools and expertise you need to stay secure and compliant.