In-depth exploration of attorney-client privilege vs. CPA-client confidentiality, legal frameworks, and Privacy Acts affecting tax practice and client data protection.
Professionals in tax and accounting practices must fully understand the obligations that arise when handling client information. While attorneys rely on attorney-client privilege, CPAs rely on a blend of ethical rules, state-specific accountant-client privilege (if applicable), and federal statutes such as Internal Revenue Code (IRC) Section 7525, which grants a limited privilege for tax advice in certain situations. This section explores the fundamental differences between attorney-client privilege and CPA-client confidentiality, examines how privileged communications apply within a tax practice context, and reviews the Privacy Act considerations that govern the handling of personal data. Throughout this discussion, we will also highlight best practices and potential pitfalls for ensuring data protection and respecting client confidentiality.
Use this chapter in conjunction with other chapters in Part II (Ethics, Professional Responsibilities, and Federal Tax Procedures) and cross-reference relevant discussions in Chapter 3 (Ethics and Responsibilities in Tax Practice) and Chapter 5 (Federal Tax Procedures) for expanded context.
Understanding the nuances of privilege and confidentiality is critical for CPA candidates. Although the obligations can seem similar, the legal enforceability of attorney-client privilege versus the professional duty of confidentiality owed by accountants differs significantly. Failure to observe these distinctions can lead to ethical breaches, legal exposure, and potential disciplinary action by state boards of accountancy or other regulatory bodies.
Privileged communications are those that cannot generally be disclosed in a court or similar legal setting without the client’s consent. The most commonly recognized form of privilege is the attorney-client privilege, which seeks to foster candid communication between a client and an attorney so that legal advice can be rendered effectively.
• Attorney-Client Privilege: This privilege is well-established in common law and protects most confidential communications between a client and an attorney for the purpose of obtaining legal advice. Attorneys cannot disclose these communications without the client’s permission. Privilege applies to written and oral communications, legal memoranda, and other attorney work product as long as it is related to legal advice and the client intended the communication to remain confidential.
• Work Product Doctrine: A related protection to attorney-client privilege is the work product doctrine, which shields materials prepared by an attorney in anticipation of litigation from disclosure. While not identical to attorney-client privilege, the work product doctrine further emphasizes the strict legal protections that apply to attorneys’ documents and analyses.
Unlike attorneys, CPAs do not universally benefit from a “client privilege” recognized under federal common law. Instead, CPAs are bound by various confidentiality rules established by:
• AICPA Code of Professional Conduct: The AICPA requires members to maintain client confidentiality and to refrain from disclosing confidential client information without specific consent (with limited exceptions, such as when required by law). This ethical mandate is integral to fostering trust and maintaining professional integrity.
• State Laws: Some states have enacted accountant-client privilege statutes, but these privileges are typically narrower than attorney-client privilege and may not always protect the CPA or the client in federal proceedings. The scope and enforceability of these privileges differ significantly by jurisdiction.
• IRC § 7525 (Tax Practitioner Privilege): This provision extends, in certain circumstances, confidentiality for tax advice given by a federally authorized tax practitioner (including CPAs, enrolled agents, and attorneys). It is important to note that this “tax practitioner privilege” is narrower than attorney-client privilege and does not apply to criminal proceedings, matters before state tax courts, or disclosures relating to tax return preparation itself. Additionally, if a CPA is assisting in any form of criminal tax courtroom matter, the communications may not be fully protected by IRC § 7525.
To visualize these differences, see the following diagram, which compares client communications under attorney-client privilege with communications under CPA confidentiality standards:
flowchart LR
A["Client"] --> B["Attorney <br/> (Attorney-Client Privilege)"]
A --> C["CPA <br/> (CPA-Client Confidentiality)"]
B --> D["Protected from forced disclosure <br/> in most legal proceedings"]
C --> E["Ethical duty to maintain <br/> confidentiality, limited statutory <br/> privilege under IRC § 7525"]
• Attorney-client privilege: Legally enforceable in federal courts and most state jurisdictions. If a subpoena or court order demands disclosure, attorneys typically retain strong grounds to refuse based on privilege.
• CPA-client confidentiality: CPA confidentiality is primarily an ethical duty, enforceable through professional standards. While certain jurisdictions provide statutory accountant-client privilege, it is not recognized in all states, nor is it guaranteed at the federal level (except in limited circumstances under IRC § 7525).
• Attorney-client privilege: Typically covers discussions and documentation related to obtaining legal advice, litigation strategies, and other legal matters.
• CPA-client confidentiality: Encompasses information shared for the purpose of accounting, tax preparation, or financial advice. However, the privilege is more limited and does not prevent disclosure if subpoenaed in some federal court contexts unless IRC § 7525 or state laws specifically apply.
• Attorney-client privilege: May be waived if a client discloses protected information to third parties, or if the communication was intended for furthering a crime or fraud.
• CPA-client confidentiality: Clients can waive confidentiality. CPAs must disclose information if legally compelled by a valid subpoena, if required by their professional obligations in an ethics review, or when mandated by federal or state laws.
IRC § 7525 grants limited privilege to federally authorized tax practitioners (CPAs, enrolled agents, and attorneys) with respect to tax advice. Important caveats include:
• The privilege does not apply to criminal matters.
• The communication must be for the purpose of tax advice and not simply tax return preparation.
• The privilege can be void if the communications are used to commit or plan a crime or fraud.
A Kovel arrangement occurs when an accountant works under the direction of an attorney to assist with providing legal advice. In such arrangements, the accountant is essentially acting as a translator of complex accounting or tax issues for the attorney. Courts have recognized that, under these specific conditions, the accountant’s communications with the client may be covered by the attorney-client privilege extended through the attorney’s engagement, provided the arrangement is properly structured.
In addition to ethical obligations and privilege extensions, CPAs must be aware of federal and state privacy laws that govern the handling of clients’ personal information. Two significant laws include:
• Applies to the federal government’s collection and use of personal information, mandating agencies to maintain records accurately and securely.
• Although not all private businesses are directly governed by the Privacy Act, CPAs who represent clients before federal agencies should be mindful of how agencies handle or request client data.
• When dealing with records requested by federal agencies (including the IRS), accountants need to ensure that disclosures are lawful and that the Privacy Act’s restrictions are followed if applicable.
• Requires financial institutions (including certain CPA firms that provide financial services) to document and disclose how they protect consumers’ confidential data.
• CPAs may be considered “financial institutions” if they provide certain services such as wealth management, investment advice, or personal financial planning.
• Requires safeguarding client information, implementing policies to secure data, and providing annual notices to clients regarding private information handling.
• State Data Protection Statutes: Many states have enacted data breach notification laws requiring businesses to promptly notify affected individuals if a breach occurs.
• Foreign Laws (e.g., GDPR): While specifically European, the General Data Protection Regulation (GDPR) can affect CPAs with international clients, imposing enhanced data protection and breach reporting standards.
Consider the following scenarios to see how these legal concepts play out:
• A small business client shares sensitive financial data with both an attorney and a CPA. Under attorney-client privilege, the attorney may refuse to disclose the communications if subpoenaed in a civil matter. The CPA, however, may not be able to refuse disclosure unless the matter involves qualified tax advice protected by IRC § 7525 or by a relevant state privilege statute.
• A multinational corporation hires an accounting firm to handle complex tax planning. The firm’s staff are subject to both the AICPA Code of Professional Conduct and the Gramm-Leach-Bliley Act if they handle personally identifiable financial information. The firm also must comply with IRC § 7216 regulating the disclosure or use of tax return information. The client’s data must be safeguarded, and the firm may need to provide privacy policy disclosures. If a subpoena is issued for the corporation’s records, the CPA cannot depend on an attorney-client privilege but may have limited recourse under IRC § 7525 for specific tax advice documents.
• During a potential criminal tax investigation, an individual seeks advice from a CPA. The CPA quickly realizes that the matter exceeds the scope of routine tax compliance and requires legal representation. If the individual continues with only the CPA and expects communications to remain privileged, they risk forced disclosure. Had the CPA been hired under the direction of an attorney in a valid Kovel arrangement, some communications might be privileged through the attorney.
• Make Clients Aware of Limits: Remind clients that CPA-client confidentiality is not the same as attorney-client privilege. Clarify that certain communications may be disclosed if legally required.
• Observe IRC § 7525 Requirements: Remain informed about the scope of tax practitioner privilege and ensure the communication is strictly within the realm of tax advice.
• Consider a Kovel Arrangement: In high-stakes legal matters, collaborate with legal counsel to structure an engagement so that the accountant’s work falls under the protection of the attorney-client privilege, if legitimate and appropriate.
• Implement Robust Data Security Controls: Comply with the Gramm-Leach-Bliley Act, the Privacy Act (where relevant), and state laws by encrypting emails, securing physical files, limiting employee access to sensitive data, and conducting periodic privacy trainings for staff.
• Maintain Up-to-Date Privacy Policies: Disclose your firm’s practices for storing, processing, and protecting client data, especially if your firm falls under GLBA or other privacy regulations.
• Know When to Disclose: Understand when a valid subpoena or court order requires compliance. Seek legal advice if uncertain about disclosing information.
• Keep Clear Documentation: Retain a thorough record of client communications, engagement letters, and disclaimers regarding the limited nature of privilege.
• AICPA Code of Professional Conduct.
• Treasury Department Circular 230 for rules governing practice before the IRS.
• Internal Revenue Code § 7525 for the limited “tax practitioner privilege.”
• State statutes on accountant-client privilege.
• The Privacy Act of 1974 and the Gramm-Leach-Bliley Act.
As a CPA, recognizing the boundaries of confidentiality and privilege is essential to preserving client trust and maintaining professional and legal integrity. CPAs should remain vigilant in keeping up-to-date with evolving legislation and ethical guidelines.
Taxation & Regulation (REG) CPA Mocks: 6 Full (1,500 Qs), Harder Than Real! In-Depth & Clear. Crush With Confidence!
Disclaimer: This course is not endorsed by or affiliated with the AICPA, NASBA, or any official CPA Examination authority. All content is for educational and preparatory purposes only.