I recently wrote a piece on the European Union’s General Data Protection Regime (GDPR) for AccountingWeb.com. A link to that piece is here.
This week’s episode of the excellent Security Now! podcast (#599, starting at 53:10) discusses the use of AES Crypt by clients to encrypt tax data when sending it to practitioners. (I assume that those documents are destined for a professional preparer, like you, the gentle reader of this blog.) While I won’t restate the original blog post (which is at http://cantus.us/encrypt-your-tax-documents-before-you-send-them/), the method described is a relatively simple way for an end user to encrypt a group of files and send them over an insecure medium like Dropbox or other consumer-grade file sharing tools. While the method described in the post can be implemented poorly (weak passwords, sending the wrong file, using e-mail, etc.), the basic methodology appears sound – but you need to evaluate the methods you approve for clients to use when transmitting data.