It's tax season. For the past few months or weeks, you've probably been sharing lots of personal financial information with your accountant or financial planner or you're doing your own taxes and filing online to the IRS. But maybe you're feeling a bit antsy with all the data-security breaches in the news, and you call your accounting firm to check their privacy and security policies. "Hi, may I speak to your compliance officer?" you ask. "Who?" the receptionist responds. "Your compliance officer. The person in charge of making sure the firm is in tune with the Gramm-Leach-Bliley Act." The receptionist responds, "Oh, yeah, that's the new hip-hop band my teenagers are listening to, right? Sorry, I don't know anyone here who knows anything about that band, but if you need some extra W2s I can send them to you." "No, I'm talking about customer privacy," you say. "Oh, yes, we have a privacy policy that we send to all our customers, and we post it on our Web site," the receptionist says. "Yes, I'm aware of that, but does the firm secure my personal data? The privacy policy is no good if it isn't enforced. Is there a compliance officer I can speak with? You have a compliance officer, right?" "Uh, let me get back to you on that," the receptionist responds.

The problems going on with ChoicePoint and Bank of America are just the tip of the iceberg if you ask Robert Chastain, general counsel of Ceeva Inc., whom I spoke with last week. His firm, a systems integrator and compliance auditor, was hired last year by a nonprofit group to do surveys assessing compliance with the federal law designed to protect consumers from identity theft. (CPA firms, tax preparers, and similar businesses all must comply, regardless of their size.)

"We found 90% noncompliance in every industry we surveyed," he said. "One large regional investment firm we surveyed used 'Password' for the password on every computer in the office. So you have as much to fear from your own accountant or investment adviser as you do from ChoicePoint."

Here are other good questions posed by Ken Casey, senior VP of retail banking at ATB Financial (see story, "Data In Peril"). "Are we doing anything that could compromise the security of customer data? What steps have we taken, and is there anything else we can do?"

Stephanie Stahl,
Editor-in-chief [email protected]

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post