With the Internet providing instant access, much of the world’s information has become commoditized in a world of perfect competition. If not the latest, however, the hottest battleground over information is in the realm of personal data.
Spam-blockers, firewalls, privacy initiatives, identity-theft services and new insurance products have risen along with the economic demand for personal information.
The Ohio Society of CPAs places the highest priority on protecting the confidentiality of member data, but isn’t immune from attempts (unsuccessful) to repurpose it. Several times weekly we hear the latest clever proposal from a prospective vendor of how to increase membership value by providing free access to member data for them to market indiscriminately to our members.
This trend is increasing in CPA firms as well, on the legal as well as ethical front. While CPAs don’t have legal privilege over confidential client information, we do have a confidentiality requirement under state administrative rule and our professional codes of conduct. The number of calls we receive at the Society regarding threats to client information has increased significantly in recent years.
Let me first qualify what follows with the statement that I am not an attorney and am not qualified to provide legal advice. Please consult your attorney regarding any of the observations that follow should a similar situation apply to you.
The profession’s confidentiality rules require a CPA to comply with a validly issued and enforceable subpoena or summons. A frequent concern I’m hearing concerns what appear to be overreaching legal requests. For example, instead of requesting specific workpaper schedules relevant to an allegation, a request may be made for “all records” of a client, or worse, the computer upon which those records are stored (and which includes records of other clients, definitely not relevant to the case.)
A recent example involved a CPA who had left his former firm and did not have a non-compete agreement. His former employer subpoenaed all workpapers and billing records of the firm in a civil case supposedly to quantify the business that the CPA had stolen from his former firm. Without knowing the specifics of the case, I responded that the FTC has allowed CPAs to compete and market their business since at least 1990, and suggested that he call his attorney regarding the enforceability of the subpoena.
If you suspect that a subpoena is truly a fishing expedition or if it appears that complying with the request would be a violation of your confidentiality requirement regarding other client information, your first step should always be to contact your attorney or advise your client that they may wish to consult with legal counsel regarding whether the request should be challenged.
Be forewarned, but by no means reference this posting as permission to not comply with a validly issued and enforceable court request.