A & L Accounting, LLC

 DATA BREACH POLICY



To be reviewed: Annually

Next review: December 2021

Date Approved: December 2020



Note to Customer:

If you believe you have been the victim of a security data breach involving your tax information, please contact Latonia Hunt, Owner/Information Security Manager, at (404) 936-0770. We will assist you with filing police reports related to the data breach, if not already filed.

If directed by the IRS, A & L Accounting, LLC will contact its local office of the FBI and the Secret Service.

Risks to Customer Information

In general, the following risks to customer information are present:

  • Inability to transact due to network/service downtime.
  • Complex and confusing user interfaces.
  • Inadequate provider recourse.
  • Non-transparency of fees and other terms.
  • Fraud perpetrated on customers.
  • Inadequate privacy and protection of customers’ personal data.

At A & L Accounting, LLC, we minimize these risks by providing the following assurances:

  • We identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks;
  • We design and implement a safeguards program, and regularly monitor and test it;
  • We have selected a service provider that maintains appropriate safeguards while we oversee their handling of customer information.
  • We evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
  • We will check references or do background checks before hiring employees who will have access to customer information.
  • We will require every new employee to sign an agreement to follow our company’s confidentiality and security standards for handling customer information.
  • We limit access to customer information to employees who have a business reason to see it. For example, we give employees who respond to customer inquiries access to customer files, but only to the extent they need it to do their jobs.
  • We control access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis.
  • We use password-activated screen savers to lock employee computers after a period of inactivity.
  • We are developing policies for appropriate use and protection of laptops, PDAs, cell phones, or other mobile devices.
    • For example, we make sure employees store these devices in a secure place when not in use.
    • Customer information in encrypted files will be better protected in case of theft of such a device.
  • We train employees to take basic steps to maintain the security, confidentiality, and integrity of customer information, including:
    • Locking rooms and file cabinets where records are kept;
    • Not sharing or openly posting employee passwords in work areas;
    • Encrypting sensitive customer information when it is transmitted electronically via public networks;
    • Referring calls or other requests for customer information to designated individuals who have been trained in how we safeguard personal data;
    • Reporting suspicious attempts to obtain customer information to designated personnel; and
    • Shredding trash with a crosscut shredder in lieu of discarding it in the trash.
  • We regularly remind all employees of our company’s policy, and the legal requirement, to keep customer information secure and confidential. For example, consider posting reminders about their responsibility for security in areas where customer information is stored, like file rooms.

If you have any questions or concerns, please feel free to contact us at Questions@aandlaccounting.com.