People trust their accountants with a lot of sensitive data, with the understanding that their private information will only be used for a specific authorized purpose. However as time goes on and data becomes even more valuable, the temptation to use this resource outside its intended scope could grow, warned Brian Tankersley, director of strategic relationships with K2 Enterprises.
While speaking more about the future than the present, Tankersley said the profession must be especially wary of possible misuse of client information, which could not only undermine the trust people have in accountants generally, but also present ethical issues for individual professionals. The potential for this, he said, is already there.
He said that firms should, at the very least, carefully read the terms of service for their particular software solutions, because some of them have users consent to the use of their data for purposes they may not intend. For example, someone might make an account with a tax platform, not knowing that their financial data is being used for another purpose by the company, such as training a machine learning program.
"That is a huge problem for practitioners from a confidentiality perspective and a professional ethics perspective, but no one is talking about it … The problem we all have is, as we use these cloud applications, we have to trust the people storing the data. And I'm not suggesting anyone is untrustworthy, but we are not doing the due diligence when we don't read the terms of service and privacy policies and understand them to make sure you comply with requirements to keep things confidential," he said.
He noted that if an individual signs up for a service, and the terms of service allow sensitive data to be shared and monetized, this might be unfortunate but it's also how the vast majority of such services work. On the other hand, if a practitioner did so on behalf of a client, there could be severe ethical implications, which, in turn, lead to professional complications. Tankersley said that he wouldn't be able to simply waive those privacy rights for clients. As a fiduciary, he would have to act in the best interests of the client. But the decision as to whether those best interests include sharing financial data is up to the client, not himself.
"So then the problem is now I've got a situation where the practitioner has shared data with someone, maybe a loan company, and it was not specifically authorized by the client and they look at the practitioner saying, 'Why are my employees getting offers from this loan site, and how do they know how much those employees make off their payroll?' That is a very uncomfortable conversation," he said.
He noted that the data-sharing model is essential for many tech businesses, and felt it is important for sellers of accounting solutions to be on guard against this model creeping into their own. Client data, according to Tankersley, is too valuable to treat like the kind of data swapped back and forth by tech companies. However, it is this very value that makes it attractive — and not even necessarily for actual software developers coding these solutions, but for investment firms who may be looking to buy them. While an individual company might care very much about the privacy of client data, these concerns might be swept aside during M&A activity.
"The other problem we have is with all these management changes taking place and private equity coming in, and a lot of M&A activity [is focused on] the same kind of data sharing and data business model that exists in Silicon Valley today. We have to remain ever-vigilant in the profession to keep that from taking place in our client data," he said.
While the privacy of client data is now more talked about in terms of cyber attacks, Tankersley predicted that, as time goes on, the discourse will start being framed more in terms of monetization and unauthorized uses. He stressed that he doesn't think anyone asking for any private information is doing so nefariously, and added that there are likely many solutions that will respect privacy. But the ones that don't, he said, will become a problem.
"This will be happening increasingly in the future. So we've got to be very diligent in looking at the privacy problems and policies and terms of service and everything else. We need to think through everything going on here because a lot of cloud things do access and functionality. Or you may be opting into a Faustian bargain where you [exploit] your client data. … I want it to be known that what they are doing, in my mind, is obscene and odious," he said.
This story is part of the second season of the Accounting Today series called "The Frontier," where we explore the cutting edge of accounting technology through conversations with thought leaders across the country, who will share with us their observations, hopes, concerns and even a few predictions here and there.
See the rest of
