The Tax Practitioners Board (TPB) has released an exposure draft on Cloud Computing.
Per the ED, a registered agent must know and understand the nature of any cloud computing arrangements they enter into, particularly in the context of how these arrangements impact upon the tax agent services being delivered to their client.
Cloud services include information storage, lodgment of returns, digital signatures, client information portals and practice management software.
The ED recommends that relevant information about the cloud computing arrangements is disclosed to clients through an engagement letter or other communication.
It’s clear the registered agent needs to have a good understanding of who actually performs the services, the data management practices of the SaaS provider, and the security controls they have in place.
Registered agents also need to be aware that the Privacy Act 1988 (Privacy Act) sets out a number of Australian Privacy Principles (APPs) which govern the use of, storage and disclosure of personal information and other conduct by organisations.
More information available from the TPB website.