What Happens to Client Data in AI-Powered Tax Workflows
- Jan 5
- 6 min read
Every tax partner asks the same question when AI comes up: What happens to my client data?
It's a fair question. Tax firms handle Social Security numbers, bank accounts, EINs, and complete financial histories for thousands of clients. The IRS receives three to five data theft reports from tax practitioners every week. A 55-person Louisiana firm recently exposed 127,431 people's personal data in a single breach, and an accounting firm in Maine compromised over one million individuals and now faces a class action lawsuit.
All of this is happening at firms using traditional methods, not AI.
When someone proposes adding AI to the compliance workflow, the instinct to pump the brakes makes sense. But most partners don't realize that a well-secured AI platform can be significantly tighter than whatever they're already running.
How Client Data Moves at Most Firms
Walk through how client data moves during a typical compliance engagement at your firm and you'll probably recognize this pattern.
Trial balance comes in via an email attachment. Someone downloads it to their local drive and then uploads it to a shared network folder. The data gets copied into Excel workpapers that live on a shared network folder, with names like "TB_Final_v3_FINAL_updated.xlsx."
Associates email a link to those workpapers to managers for review, and if your firm uses offshore support, those same files get forwarded in an unencrypted email to a team in India for data entry.
Every single handoff opens another exposure point. About 25% of accounting firms now outsource to offshore workers, which means client EINs and financial data travel internationally through email attachments with varying levels of encryption.
The FTC Safeguards Rule requires tax preparers to maintain written information security plans. The IRS mandates specific security controls for anyone holding a PTIN. But enforcement is spotty, and if you're being honest about it, most firms operate with security practices that would fail any serious audit.
The Breach Numbers
Metric | Figure |
Average cost of a data breach in financial services | |
Average cost across all industries | $4.88 million |
Percentage of firms losing over half their clients after a breach | 89% |
IRS data theft reports from tax practitioners per week | 3-5 |
The IBM Cost of a Data Breach Report 2025 puts financial services breaches well above the average, and the client loss numbers are brutal. Nearly nine out of ten breached accounting practices lose more than half their book within six months.
The AI Security Question Is Pointed in the Wrong Direction
Here's what's strange about the security conversation around AI in tax.
Teams that wouldn't think twice about emailing a workpaper full of EINs to their offshore team suddenly become deeply concerned about data security the moment someone mentions AI. The Stanford Graduate School of Business found that 43% of accountants cite data security as their primary concern about AI adoption, which is legitimate, but it's being applied selectively.
In January 2025, Sage Group temporarily suspended its AI assistant after users discovered it was displaying invoices from other customer accounts. That was a real failure, but it was a failure of data isolation architecture, not something inherent to AI. The same flaw could exist in any cloud software.
The security questions you should ask about AI platforms are the same questions you should ask about any software touching client data. Whether the system uses AI or not doesn't change the security framework you need.
What Enterprise Security Actually Means
When you're evaluating any AI vendor for tax work, security credentials aren't negotiable. Most vendors will throw around terms like "enterprise-grade" without explaining what that means, so here's what you're looking for.
SOC 2 Type II Certification
SOC 2 is an auditing standard from the AICPA that evaluates how a company manages customer data across five criteria: security, availability, processing integrity, confidentiality, and privacy.
Certification | What It Means |
SOC 2 Type I | Controls reviewed at a single point in time |
SOC 2 Type II | Controls tested over 6-12 months of actual operation |
The distinction matters. Type II means the vendor's security controls have been tested over an extended period, not just documented and checked once. Any AI vendor handling tax data needs current SOC 2 Type II certification. If they can't produce the report, walk away.
Encryption Standards
Data should be encrypted both at rest and in transit. The standards you're looking for are AES-256 encryption for stored data and TLS 1.2 or higher for data transmission. If a vendor
can't tell you exactly what encryption they use, that tells you everything.
Access Controls and Audit Trails
Enterprise AI platforms maintain detailed logs of who accessed what data and when. Role-based access controls mean a first-year associate only sees the clients they're assigned to, and partners can review complete audit trails down to who opened which workpaper and what changes they made.
Compare that to your current Excel workflow. When was the last time you could tell exactly who opened a workpaper, when they opened it, and what they changed? Most firms don't have that visibility. A properly built AI platform gives you more control over your data than you have now.
Data Isolation
Your client data should be logically separated from other customers' data, with isolated encryption keys. The AI should never train on your client information unless you explicitly authorize it.
This is where Sage got it wrong. Their AI was surfacing data across customer boundaries. A platform built correctly keeps your data completely separate from everyone else's.
The Questions to Ask Before Signing Any Contract
Before any contract goes out, get clear answers on these points. A legitimate vendor answers directly and provides documentation. Evasive responses are a disqualifier.
Data residency: Where is data stored, and under what jurisdiction? If you have clients with specific requirements about where their data can be processed, this matters.
Retention and deletion: What's the data retention policy? Can you delete client data on demand, and how quickly does deletion complete?
Internal access: Who at the vendor company can access your data? The answer should be a very short list with strict access logging.
Penetration testing: Is the platform pen-tested, how often, and by which third party? Regular penetration testing by an outside firm is standard for enterprise software.
Breach response: What's the incident response procedure and notification timeline? You need specifics, not vague assurances.
How AI Can Be Tighter Than Your Current Setup
A well-secured AI workflow eliminates a lot of vulnerabilities baked into traditional tax compliance, and once you think through it, the logic is pretty straightforward.
When data stays within the platform with role-based access at every level, you don't have PDFs of K-1s floating through inboxes or workpapers getting forwarded to personal email accounts when someone wants to work from home. When you eliminate the offshore data entry step, you eliminate an entire category of exposure, no more data traveling internationally with varying privacy law protections.
The MIT Project NANDA research found that organizations crossing the "GenAI Divide" report measurable savings from reduced BPO spending, and part of that value comes from eliminating the security overhead of managing offshore data flows.
Every change gets logged and every access gets recorded. When a client asks who touched their data and when, you have an audited answer instead of "let me check with the team."
The Regulatory Picture
The IRS keeps tightening requirements on tax preparer security. Publication 4557 outlines mandatory safeguards, and the Security Summit partnership between the IRS, state agencies, and the tax industry adds new requirements regularly.
Regulatory Body | Potential Penalty |
FTC under Safeguards Rule | Up to $100,000 per violation |
State attorneys general | Additional actions vary by state |
Civil liability | Varies by breach scope and negligence |
Using an AI platform with current security certifications strengthens your compliance posture. SOC 2 reports, penetration test summaries, and encryption certificates demonstrate the kind of due diligence regulators want to see. When a client asks what you're doing to protect their data, you have an audited answer instead of a vague policy document that hasn't been updated since 2019.
The Security Comparison
Security Factor | Traditional Workflow | Enterprise AI Platform |
Data encryption at rest | Varies, often none on local drives | AES-256 standard |
Data encryption in transit | Email varies, often unencrypted | TLS 1.2+ required |
Access controls | Folder permissions, inconsistent | Role-based, enforced |
Audit trail | None or minimal | Complete logging |
Offshore data handling | Emails to third parties | Eliminated |
Third-party certification | None | SOC 2 Type II |
Penetration testing | Never | Regular, documented |
Most firms worrying about AI security run setups that would score poorly on every one of these metrics. The question isn't whether AI is secure. The question is whether it's more secure than what you're doing now, and for most firms the answer is yes.
What This Means for Your Firm
Security concerns about AI aren't irrational, but they're often pointed in the wrong direction.
A SOC 2 Type II certified platform with AES-256 encryption, role-based access controls, and comprehensive audit logging is almost certainly more secure than emailing Excel files to offshore teams and storing client data on local drives with inconsistent backups.
The firms that figure this out early aren't just getting efficiency gains. They're building security postures that will be table stakes within a few years, while their competitors are still emailing workpapers around and hoping nothing goes wrong.
Comments