Read the form before the sales copy
The operative word is “aware.”
Form W-12 asks applicants to address data security responsibilities. The current revision says: “I am aware that paid tax return preparers are required by law to create and maintain a written information security plan that provides data and system security protections for all taxpayer information.” It then points preparers to IRS Publications 5708 and 4557.
That sentence confirms awareness of a responsibility. It does not say, “I certify that my firm has implemented every applicable element of 16 CFR Part 314.” Treating those as identical statements changes the source instead of explaining it.
The correction does not remove the obligation.
The FTC Safeguards Rule and the obligations that apply to covered tax practices do not depend on inflated checkbox copy. A firm may still need a written information security program, appropriate safeguards, service-provider oversight, training, and a program that stays current.
The honest sequence is:
- Read the current form and the regulation.
- Determine what requirements apply to the firm.
- Inventory and test the actual systems.
- Write the program around the controls and the remediation plan.
Fear marketing reverses that sequence. It starts with a consequence, overstates the checkbox, and sells a document as relief. The source supports a quieter and more useful conclusion: the responsibility is real, so the assessment should be real too.
What to ask a provider
If a vendor describes the PTIN prompt as a full compliance attestation, ask them to show the exact current Form W-12 text. Then ask whether their service verifies controls or only supplies a template. A provider should be able to answer both without changing the wording of the source.
Sources
- Form W-12 — IRS Paid Preparer Tax Identification Number application and renewal.
- Instructions for Form W-12 — Line 11, Data Security Responsibilities.
- IRS Publication 5708 — Creating a Written Information Security Plan for your Tax & Accounting Practice.
- IRS Publication 4557 — Safeguarding Taxpayer Data.
- 16 CFR Part 314 — Standards for Safeguarding Customer Information.