Skip to content
Artificial Intelligence

A data security checklist for tax firms using GenAI

Thomson Reuters Tax & Accounting  

· 5 minute read

Thomson Reuters Tax & Accounting  

· 5 minute read

As the integration of generative AI (GenAI) technology becomes increasingly prevalent in the tax and accounting industry, ensuring data security is paramount.

Jump to ↓

1. Use data encryption when working with clients
2. Implement access controls to use GenAI
3. Implement a quarterly security audit
4. What to consider when selecting the right technology
5. Provide security training as part of your firm’s annual curriculum
6. Minimize unnecessary data
7. Incorporate privacy considerations into the GenAI system
8. Develop an incident response plan
9. Apply monitoring and logging systems for detection
10. Keep your clients updated with your data protection

 

As the integration of generative AI (GenAI) technology becomes increasingly prevalent in the tax and accounting industry, ensuring data security is paramount. With the potential for GenAI to transform work processes and improve efficiency, it is crucial for tax and accounting professionals to adopt best practices for securing sensitive client data.

And, with the rise of cyber threats and data breaches, safeguarding sensitive client information has become a top priority. Recent trends show a growing awareness and emphasis on robust data protection measures, driven by both regulatory demands and the need to maintain client trust. As such, it’s essential for firms to stay ahead by implementing comprehensive security strategies that address these evolving challenges.

This checklist provides guidance on maintaining robust data security measures, including data encryption, access controls, regular security audits, and staff training, to safeguard against potential risks associated with GenAI usage.

1. Use data encryption when working with clients

    • Ensure all sensitive data is encrypted both in transit and at rest.
    • Use strong encryption standards and regularly update encryption protocols.
    • A recent report from the Thomson Reuters Institute titled Generative AI in Tax Firms stated that 65% of the surveyed tax and accounting firms have data security as one of their main focuses when considering GenAI applications.

2. Implement access controls to use GenAI

    • Implement strict access controls to limit data access to authorized personnel only.
    • Use multi-factor authentication for accessing GenAI systems and sensitive data.

3. Implement a quarterly security audit

    • Conduct regular security audits to identify and address vulnerabilities in GenAI systems.
    • Perform penetration testing to assess the robustness of security measures.

4. What to consider when selecting the right technology

    • Choose GenAI tools that prioritize data security and have a proven track record.
    • Evaluate vendors based on their security certifications and compliance with industry standards.
    • Checkpoint Edge with CoCounsel stands out with its decades of refined, proprietary content, enhancing the efficiency of tax and accounting research by providing professionals with quick, authoritative answers.

5. Provide security training as part of your firm’s annual curriculum

    • Provide continuous training for staff on data security best practices and general GenAI usage.
    • Educate employees on recognizing and responding to potential security threats.
    • Just 10% of surveyed tax and accounting firms in the 2024 Generative AI in Tax Firms report stated their firms were using GenAI on an organizational level.

6. Minimize unnecessary data

    • Limit the collection and retention of data to what is necessary for business purposes.
    • Regularly review and purge unnecessary or outdated data.

7. Incorporate privacy considerations into the GenAI system

    • Only 9% of surveyed firms are using proprietary tax-specific GenAI tools.
    • Integrate privacy considerations into the design and implementation of GenAI systems.
    • Conduct privacy impact assessments to evaluate potential risks.

8. Develop an incident response plan

    • Develop and maintain an incident response plan to address data breaches promptly.
    • Conduct regular drills to ensure staff are prepared to respond effectively.
    • Empower employees to act confidently and decisively in protecting the firm’s reputation and client trust.

9. Apply monitoring and logging systems for detection

    • Implement monitoring and logging systems to detect unauthorized access or anomalies.
    • Regularly review logs to identify and investigate suspicious activities.

10. Keep your clients updated with your data protection

    • Keep clients informed about data protection measures to build trust and maintain transparency.
    • Show commitment to protecting client information and reassure them of responsible data management.
    • Obtain explicit client consent for all data handling practices.

Ensuring data security in the age of GenAI

Implementing a robust data security strategy is essential for tax and accounting professionals utilizing GenAI technology.

By following this checklist, tax and accounting firms can enhance their data protection measures, ensuring the confidentiality and integrity of client information.

As GenAI continues to evolve, staying informed about the latest security practices and maintaining a proactive approach to data protection will be key to leveraging the benefits of this transformative technology while safeguarding against potential risks.

 
Graphic of a line-drawn brain against a dark gray background with orange and light gray lines crossing in the brain.

 

← Back to blog

Related posts

More answers