Cloud Computing, Social Media, and Confidentiality
By Maria Pirrone and Joseph E. Trainor for The CPA Journal
Keeping data confidential and secure in the digital age is a paramount concern for most CPAs. These concerns are particularly important because the disclosure or release of sensitive data could have serious implications for not only a CPA’s clients, but also the CPA firm itself. There are many things that one can and indeed MUST consider in light of recent high-profile cases:
Selection of cloud service providers
Don’t take security for granted. Inquire about a provider’s policies with regard to confidentiality, data integrity, and avail-ability. Make sure that the service provider has received an AICPA Service Organization Controls (SOC) report.
When selecting or assessing cloud service providers, the details of the service agreement merit serious consideration.
Advise clients of the appropriateness of using social media to announce major life events such as trips, large purchases, and extravagant lifestyles. Consider adopting effective strategies for monitoring and maintaining the firm’s own social media.
Consider the need to consult with an attorney on the development of policies regarding the deletion of old e-mails from ISP servers.
Decide which information needs to be stored electronically on in-house servers and which information will be uploaded to the cloud. Consider which information should be stored electronically and which information should be retained in hard copy.