MTW wrote:

- quote -

That "goof" should have been "good," but I nevertheless
find some humor in my error. <g
MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

Probably for me, too. After giving efiling a goof hard look
for the past few weeks, I am once again concluding that it
simply doesn't make any sense for my practice - except,
perhaps, on a very occasional case-by-case basis. So, I most
likely won't change my policies or procedures for 2004.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"MTW" <mtwingcpa[at]yahoo.com> wrote:

snip

While not conceding the point, the snipping (by both of us)
has gotten so severe and the conversation so long I think
the context has been lost. I am not able to accurately
reply without starting all over again. I am sure that our
fellow newsgroup participants don't want that

The whole point is academic for me as Intuit includes the
information you believe is required in its license
agreement.

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

Consider a "typical" sentence from a policy statement: "I
shall not disclose your information without your CONSENT
except as REQUIRED or PERMITTED by law." This appears to
divide the disclosures into 3 categories. "Consent"
disclosures should be obvious because the client either
consents or not. "Required" disclosures must be made
regardless of whether the client consents or not.
"Permitted" disclosures (as I understand it) are optional
disclosures that do not require client consent.

(As we've discussed, it is questionable whether the concept
of "permitted" disclosures applies to CPAs. As I recall, the
FTC FAQ describes situations applicable to the banking
industry, and I confess that I am not conversant on banking
regulations or practices. <g> )

Efiling clearly falls into the CONSENT group because it is
not REQUIRED by law (at least, not as of this morning <g> )
and it is not PERMITTED without client consent. Hopefully
this explains my prior comment that efiling "...is never
ALLOWED or PERMITTED..." because it can only take place with
CONSENT.

- quote -

I agree that we are down to splitting a very fine hair.
Prior to the FTC regulations, I was always comfortable with
confidentiality protections if everyone in the "room" was
subject to legal or licensing restraints on disclosures. So
I never had a problem discussing issues with other
client-appointed CPAs or attorneys or financial advisors,
etc., so long as the discussion was consistent with the
client's interests. However, it seems to me that the FTC
regs have raised the bar by requiring a "contractual
agreement" between the parties. In other words, it is no
longer sufficient that there be REGULATORY protections. Now
there must also be CONTRACTUAL protections.

This, obviously, is my problem with efiling. It doesn't
appear sufficient that I am an authorized ERO and the
software company is an authorized TRANSMITTER, both subject
to IRC nondisclosure requirements. Now it appears that there
must also be a "contract" between us. The mere fact that we
could all go to jail is, apparently, no longer sufficient
from the FTC's point of view. <g
In this regard, I think the FTC regs ~have~ created a
"substantive" rule, subtle though it may be. <g
- quote -

Agreed.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"MTW" <mtwingcpa[at]yahoo.com> wrote:
- quote -

Thank you. You more eloquently expressed my point. Using
UPS as an example was good, takes the heat off electronic
communication as the baddy.

I don't read it as strict as this but I am sure there is
someone somewhere who would be upset to know UPS doesn't
guarantee the confidentiality of packages.

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"MTW" <mtwingcpa[at]yahoo.com> wrote:
- quote -

I am with you to this point because you seem to be saying
that with consent from the client (which we preciously
agreed was done by client signing form 8453/8879) then you
are ok with WA. Without consent from the client you aren't
ok with WA. The FTC makes it clear their rules don't
override any rules that are more restrictive. From what you
say WA's disclosure rules (like NC's) are more restrictive
than the FTC's.

- quote -

Here is where you lose me again. You said form 8453/8879
was consent so I just don't understand the purpose of the
first sentence. Without the first sentence the second is
moot. Maybe I am just too dense, please explain in more
simple terms.

- quote -

I split this line out to avoid confusion regarding my next
response.

- quote -

I agree with all of the preceding paragraph.

- quote -

I don't know if I agree with this or not. Initially I
thought I did but the more I think about it the more I
disagree. If I understand it correctly the FTC is not
requiring you to have the contract unless you don't want to
include an opt out option. So if you are correct that
"permitted by law" doesn't apply to e-filing then I think
your disclosure of the relationship and providing an opt out
for e-filing is ok as far as the FTC is concerned. Perhaps
not good enough for WA but the FTC didn't create the WA
requirements.

snip

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

Yes, that's my point.

- quote -

The distinction is whether you have to OBTAIN client
consent, or whether you can simply proceed without it. For
example, many CPAs believe that you can confirm or deny the
existence of a client relationship without violating client
confidentiality. If so, then that disclosure would be
"permitted by law" and you would not have to obtain client
consent or offer an opt out. (Parenthetically, I'm not sure
that would be allowed under the WA State accountancy law,
which appears to be fairly "absolute.")

But, to the best of my knowledge, efiling is NEVER "allowed"
or "permitted" WITHOUT client consent. So, I question
whether the FTC FAQs related to "permitted" activities would
apply.

- quote -

That's an interesting interpretation, but I disagree. FWIW,
it is my understanding that the FTC rules are supposed to be
simply "procedural" (dealing with what you must disclose,
etc.) and NOT "substantive" (creating new or different
confidentiality requirements). In other words, the FTC rules
supposedly do not create ADDITIONAL confidentiality
requirements above and beyond those you are already subject
to. Rather, the FTC rules simply require that you DISCLOSE
the rules you are subject to, and offer opt-outs in certain
circumentstances.

That sounds great, except my point in this entire thread is
that the "contractual agreement" requirement is, in fact, a
SUBSTANTIVE requirement (in my opinion).

- quote -

That's an excellent point. I will definitely add the line
about efiling because I (obviously! <g> ) believe it is
necessary. But, I might skip the proposed line about email,
etc., because that is arguably already covered by another
line dealing "circumstances beyond my control."

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

MTW wrote:

- quote -

Oops, I lied!

I just received a very nice letter from the vendor in
question indicating that they plan modify their license
agreement to incorporate a reference to their privacy policy
statement AND to specifically state that no other use will
be made of efiled data unless required by law.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"MTW" <mtwingcpa[at]yahoo.com> wrote:
- quote -

Let me try to rephrase what you are saying. Are you saying
that since it is not legal under WA law to disclose a
client's information that the "allowed by law" part of the
FTC's regulations are not met? If so I apologize for being
so dense. I still don't agree we just weren't on the same
page.

If you have the clients consent then disclosure is permitted
by WA. Isn't that the same as "allowed by law"?

Regardless, I believe the phrase "permitted by law" in the
regulations actually means permitted by the GLB and the
regulations not a general "permitted by all laws, local,
state and federal."

- quote -

Full disclosure is good but I wouldn't go into so much
detail that few will read it. I have recently been to a
specialist (nothing serious) and everyone along the way had
a HIPPA policy. Some were small type and 3 to 4 pages long.
I bet most people are like me, they just sign the thing
because they just don't have time to read it, quiz the
medical professional, and understand it. In my case there
has been no disclosure, probably mostly my fault but at
least partly the medical professionals for failing to make
their policies clear and concise.

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson <drewsbeagles[at]hotmail.com> wrote:
- quote -

Oops, I stand corrected, the client can give permission if
you notify them you have no control of the isp, etc. and
they don't opt out of e-mail.

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

MTW wrote:

- quote -

most times the jury does not have the technical competence
to really "make the call" if there is a question about
whether the actions were or were not substandard. So most
of us turn to looking to the parties actions for things we
*do* understand and then use that to help judge credibility
on the denial.

For that reason, a plaintiff's attorney is going to try his
darnedest to find something you did that was clearly "wrong"
even if was also clearly of no negative consequence (no
damages to any party). That helps the jury make the leap to
believe the plaintiff's experts on the question of whether
the technical matter was botched due to negligence, by
giving the impression you are sloppy as regards what is
required of you as a professional.

To paraphrase one CPE instructor on the issue, it's not
following all the rules scrupulously is going to help you so
much as failing to follow any rule will *hurt* you in such a
case.

--
Ed Zollars, CPA
Phoenix, AZ

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

I agree that a strict reading of the FTC rules creates all
kinds of problems with everyday things that we all more/less
take for granted. For example, here's a quote from my ISP's
Terms of Service:

"You are responsible for the protection of your account and
data. You are advised that the Internet is not a secure
system. Data can be and often is, viewed by third parties.
Information of a private or confidential nature should not
be placed on the system or if it is you should take steps to
protect it using encryption technologies. [NAME OF ISP]
SPECIFICALLY DENIES ANY RESPONSIBILITY FOR THE SECURITY OF
YOUR ACCOUNT AND THE DATA STORED IN [NAME OF ISP]
FACILITIES. [name_of_isp].net is not a storage facility and
customers wishing to safeguard their data should make
back-ups and store them in a secure place. [Name of ISP]
notifies you that back-ups may remain in [Name of ISP's]
facilities and could be subject to seizure by law."

So, I guess the "contractual agreement" in this case says
that there IS NO protection against unauthorized use or
disclosure. <g
Then, I took a look at UPS's terms of service. I found
nothing in their Terms and Conditions that appeared to
explicitly address the confidentiality of data within their
custody. However, I found the following "snip" from their
Privacy Policy statement:

"Although we make reasonable efforts to limit access to our
facilities and vehicles to authorized personnel, we are not
responsible for maintaining the confidentiality of
information that is printed and placed in plain view on a
package or letter."

This may not rise to the level of being a "contract." And,
it appears to leave unclear the question of their
responsibility for the confidentiality of data INSIDE a
package.

Bottom line: It appears that I do NOT have a "contractual
agreement" with either of these service providers that
protects against the unauthorized use or disclosure of
information within their possession.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

I forgot to mention... Lest anyone think that I live in
mortal fear of being "Abu Ghraib'd" by jack-booted
government thugs from the Federal Trade Commission, I don't.
<g> My concern with these regulations is, and always has
been, that a plaintiff's attorney in a malpractice suit
could chew you apart on the witness stand by (among other
things) demonstrating that you don't ~meticulously~ follow
appropriate privacy guidelines and therefore, by
implication, you must not be meticulous about other aspects
of your work.

I doubt that the average jury could get their hands around
whether I (say) properly adjusted someone's basis after a
reorganization. But, I'll bet they would understand an
alleged breach of privacy concerns just fine. <g
MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

Yes, that's correct. My problem is with the FTC regulation.

- quote -

Respectfully, I guess I don't see the similarity. Under my
state's accountancy act (the "highest" regulation I am
subject to), efiling is neither "permitted" nor "required."
Rather, it is a discretionary act on my part, subject to
"client consent."

When choosing to offer efiling services, I could do it in
one of two ways (plus maybe there are other options). I
~could~ file DIRECTLY with the IRS. That would likely be
most effective at preserving client confidentiality, but it
is also the most expensive method. So, being a cheapskate, I
elect to efile through third party intermediaries.

As far as the WA BOA is concerned, I figure I've met their
requirements if I obtain client consent. But, have I ALSO
met the FTC requirements? The FTC rules seem to indicate
that I must disclose (and perhaps offer an opt-out) if
disclosures are made to "unaffiliated third party" service
providers UNLESS there is a CONTRACTUAL AGREEMENT with the
third party barring further disclosure (or, perhaps, unless
the disclosure is "permitted" by law...which it isn't in my
case).

So, anyway, since I doubt my software provider is likely to
change their license agreement at my behest <g> , I plan to
add the following line (current draft <g> ) to my privacy
policy statement: "Electronic filing services are
facilitated through IRS authorized third party
intermediaries." I don't view this solution as ideal, but at
least it gets the issue up on the table so that a client's
consent is reasonably "informed."

I'm also going to add the following line to the "addendum"
of my policy: "I cannot guarantee the security of
communications by email, voicemail, cellular phone, FAX, or
private courier." I've noticed, by the way, that more and
more companies are adding similar comments about email,
etc., to their policies.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Arthur L. Rubin" <ronnirubin[at]sprintmail.com> wrote:
- quote -

I'm not a lawyer :/

I think you missed my overall point which is that if you use
e-mail and you have a strict reading of the FTC's rules then
you need contracts with all the companies along the way.
AFAIK the FTC doesn't give consumers the right to waive the
contract requirement with service providers.

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

Actually, I take exeption to your statement here, although
it's more a legal question than a tax question. A lawyer
SHOULD NOT send E-mail to a client absent an explicit
waiver of confidentiality.

Now, financial confidentiality may be held to a lower
standard....

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Ed Zollars, CPA wrote:

- quote -

Speaking in my capacity as an "observer," I can confirm that
some of us DO IN FACT harbor that suspicion. <g
MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"MTW" <mtwingcpa[at]yahoo.com> wrote:
- quote -

I am now really confused by your interpretation. Don't you
say (below) that the 8453/8879 meets state law? If so,
then it seems you only have to worry about the FTC and the
IRS. The IRS participated in the creation of third party
e-filing so shouldn't they be OK with it? So we are left
with the FTC and its "permitted by law" language. In light
of this please revisit the example I previously posted from
the FTC's FAQ. To me it looks similar enough to e-filing to
fit the bill.

I agree for you it won't work because you don't have the
"permitted by law" language in your privacy policy.

snip

Drew Edmundson, CPA (NC)

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

That's the item you posted? It appears to rely on the
"PERMITTED by law" exception in the FTC rules. But this is
where the train starts coming of the tracks... <g
Under my state's accountancy law, there IS NO "permitted by
law" exception. There is only "REQUIRED by law," "standards
of the profession" (peer review, etc.), and "consent of the
client." So, I'm between a rock and a hard place. And,
accordingly, I do NOT refer to a "PERMITTED by law"
exception in my privacy policy statement (since it would be
meaningless).

Now, as far as state law is concerned, the client's
signature on the 8879 or 8453 should meet the "consent"
requirement. But this leaves unresolved the issue of FTC
compliance where an "unaffiliated third party" is involved.
To comply with the FTC requirements, I continue to believe
that one must either have a contractual agreement with the
third party blocking unauthorized disclosure, or provide
additional disclosures on the matter and/or provide the
client with some kind of a formal opt-out procedure. I
realize that not everyone agrees with me on this point, but
not everyone is a partner in my firm. <g
- quote -

And, what's more, why was the AICPA (and other professional
organizations) asleep at the switch when the FTC drafted its
regulations? As my little rant demonstrates, trying to
reconcile all of these somewhat conflicting requirements is
very difficult. In my opinion, much of this nonsense could
have been avoided had the profession been adequately
represented at the time.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Drew Edmundson wrote:

- quote -

My suspicion--had the AICPA been the plaintiff rather than
the NYSBA, the decision would have been different. First,
judges will be a lot more readily persuaded that the
practice of law is "different" than they will that any other
profession is different. Reality is that *all* professionals
tend to feel their profession is "special" while others are
simply money grubbing crooks who are out to take advantage
of the public <grin> . So having the legal profession go
first simply makes sense--now you have a better chance, once
the ruling is on the record, of using that interpretation,
if it is sustained on appeal, to bootstrap other
professions.

Second, the CPA profession wasn't in the best public
relations position when GLB came down. Judges also read the
papers, and appearing to back those crooked accountants
after Worldcom and Enron might not have been appealing.

Third, I think for the profession to have gone down that
road would have been a real negative in light of the
development of tax return outsourcing and coverage of the
same. That could have given an additional push to not only
throw out a case challenging GLB, but have caused Congress
to look at specifically *INCLUDING* accountants in GLB to
make the court case moot.

After all, the court didn't rule that Congress *couldn't*
have subjected attorneys to GLB, just that the judge didn't
feel the FTC went through the proper determination to
include them and that the judge didn't believe it was
Cogress's intent to regulate attorneys. That makes the
decision easy to undo.

--
Ed Zollars, CPA
Phoenix, Arizona

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->