PortalSafe

[jshtax]

I have not had a chance to play around with this feature or even read what it is capable of doing. Has anyone used this and if so what is the learning curve like? Is it just a cloud like application you can put files for clients to access with a login? If this has been addressed feel free to direct me to that thread.

[Guest Taxed]

https://portalsafe.com/faqs.aspx

Ran the demo earlier this year. I do not get a lot of taxpayer source data in pdf format so it does not make sense for my shop.

If you want to send the pdf of the prepared return to the client, they will get an e-mail inviting them to log into the server and download it from there. So it is a 2 step process.

If a client requests a pdf of their return, I just e-mail them the pdf encrypted, 1step process.

For a CPA firm or larger shop dealing with a lot of pdf files for source docs. it may make sense.

For Drake users they have a similar option called secureFilePro. Same concept.

SecureFilePro Plans and Pricing

* Capacity estimates are based on an estimated average document size of 500 KB.

[dianakcpa]

I am not computer savvy, so how do you send an encrypted PDF file from ATX?

[Guest Taxed]

I use Adobe Acrobat to encrypt and password protect.

[jshtax]

We receive 10% electronically and that is only when a client comes in before their K1 or 1099s are ready. I have received emails from accountants that prepare k1s for LPs that is a link to their firms website and you login to retrieve the k1s. Seems to me that is a lot of effort just to post k1s for members/partners/shareholders on a website. I just noticed recently in 2012 and also in 13 beta that you have an option to print to PortalSafe and thought it might be a way to put their return out there for them to log in to retrieve. I assume PortalSafe has a certain level of encryption to protect the files.

[Guest Taxed]

Yes they say that the files are encrypted on their servers. You can print from CCH products to the portalsafe folder.

[jshtax]

Oh GOD.....if their servers are as good as ATX 2012 then my 3yr old could probably hack into the system.

[Jack from Ohio]

I do not buy into the whole "It is not safe unless it is encrypted" hysteria.

Contact me with a message and I will explain my facts and information. I am sure I will be blasted by the paranoid petunias about it.

For the record, there is NOTHING in Circular 230 requiring encryption of information sent via electronic means. Another misinformation rumor.

[kcjenkins]

Jack, old friend, PLEASE ease up on the insults. It would be so much better if you just stay on the high ground and just ignore anyone who "blasts" you. I assure you, if they get over the line, the moderators will respond. Calling them names [especially in advance] is inappropriate here. I value most of your input, and hope you go back to your old high standards.

[Randall]

Even if it is safe without encryption, I still do it with password. Even if it's just a placebo effect. It also makes the client feel more comfortable. But brokers won't email their info to clients even with encryption. I'm currently waiting for a client to receive some cost info thru snail mail.

[Lion EA]

There are state laws., also. My colleagues in MA tell me they cannot email tax information without meeting the MA regulations.

I use CCH's Execusite, or whatever they're calling their website program now, which includes FileShare, a simple portal. I have clients that use it to upload their documents to me. I recently used it to post a return to a client who had moved out of state. I also have brokers and banks that similarly have the K-1s or whatever posted where I sign in with a password to retrieve. That said, most of my clients like to deal in email and prefer no passwords or encryption.

[Guest Taxed]

In my opinion it is just prudent to encrypt and password protect. Granted it is not 100% fail safe, a hacker who is targeting for your particular info will get it eventually, but why make it easy for the rest?? Same principle when you put a steering wheel lock or alarm in your car. You hope the thieves look for an easier target than yours. But if they want your particular car, they will get it no matter which alarm you put.

Just like Lion I do get several requests to send without password protected, because these "challenged" individuals can't enter a 6 digit #??

[michaelmars]

I do not buy into the whole "It is not safe unless it is encrypted" hysteria.

Contact me with a message and I will explain my facts and information. I am sure I will be blasted by the paranoid petunias about it.

For the record, there is NOTHING in Circular 230 requiring encryption of information sent via electronic means. Another misinformation rumor.

Unfortunately is doesn't always matter what you believe, we have to follow regulations and many states have enacted regs that say we must encrypt. Here we have to encrypt AND we have to shred. Nothing with a soc sec# can go in regular garbage. We have been using encryption but are going to a client file share system for larger files.

[jklcpa]

Unfortunately is doesn't always matter what you believe, we have to follow regulations and many states have enacted regs that say we must encrypt. Here we have to encrypt AND we have to shred. Nothing with a soc sec# can go in regular garbage. We have been using encryption but are going to a client file share system for larger files.

Michael or anyone else - do you have a chart or any kind of a summary of the states' requirements that you could share?

[Guest Taxed]

I don't know if a chart is available that summarizes all this nicely. Perhaps NATP or CPA society??

But here is something I go by. I am in MA:

At least 10 states now have general security laws that require reasonable measures to protect defined categories of personal information (including California, Massachusetts, Maryland, New Jersey and Rhode Island). While the scope of coverage, the specificity of the requirements and the definitions vary among these laws, personal information is usually defined to include general or specific facts about an identifiable individual. The exceptions tend to be information that is presumed public and does not have to be protected (e.g., a business address).

There are now a number of state laws that require specific safeguards for defined types of personal information as well. They generally cover Social Security numbers, driver’s license numbers and financial account numbers, but some also cover health information. They include laws requiring reasonable security, breach notices and secure disposal.

The most comprehensive of this type to date is a recent Massachusetts law, M.G.L. c. 93H, which applies to “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts.” Covered “personal information” includes Social Security numbers, driver’s license numbers, state-issued identification card numbers, financial account numbers and credit card numbers.

The implementing regulation became effective March 1, 2010. With its broad coverage of “persons,” this law may well be applied to persons nationwide, including attorneys and law firms, when they have sufficient contacts with Massachusetts to satisfy personal jurisdiction requirements.

It requires covered persons to “develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards.” In addition to requiring a risk assessment, the regulation contains detailed requirements for the information security program and detailed computer system security requirements. The security requirements include:

Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly; and

Encryption of all personal information stored on laptops or other portable devices.

[michaelmars]

Michael or anyone else - do you have a chart or any kind of a summary of the states' requirements that you could share?

I am in NY so I only follow their regulations.

[Guest Taxed]

Most of the banks in my area post the 1099 and 1098 on the account page of the account holder and send them an e-mail to print it themselves. But as usual they forget, so what I have done is setup a spare computer with internet for them to log in at their bank or broker site (for K1 and 1099-B, Div etc.) and print it. I have setup so that it prints by default as a pdf and then I can see it in the folder.

What I don't want to do is log in as the account holder using their password, because I would be violating the bank's rules. I stopped counting how many times my clients will tell me their password to get it myself??

[Jack from Ohio]

Jack, old friend, PLEASE ease up on the insults. It would be so much better if you just stay on the high ground and just ignore anyone who "blasts" you. I assure you, if they get over the line, the moderators will respond. Calling them names [especially in advance] is inappropriate here. I value most of your input, and hope you go back to your old high standards.

I will stop all references to anything anyone else says.

[easytax]

I am a small one person operation and VERY CAREFULLY have to watch costs and still stay lawful.

With that in mind I had a practitioner tell me about "dropbox.com" (no quotes) that has a basic FREE 2 gig (expandable by 500 mg up to 18 gig with each "other person" who signs up (free service counts too) service. Please look this over to see if this will serve your needs.

Given the information from an earlier post (as shared below) as to size, above -- this seems to be a winner (unless you need the private branding, etc.). This pertains to sharing (back and forth) encrypted files, NOT to long term storage or leaving the files for an extended period of time.

SecureFilePro Plans and Pricing

* Capacity estimates are based on an estimated average document size of 500 KB.

[Guest Taxed]

Some of my friends use dropbox.com (the free one) to share their vacation pictures, recepies etc. From what I have seen it is basically a cloud storage system where you can stuff anything you want and then share it with your friends.

I would not recommend the free version for your business use. Just does not look professional enough.

I am not sure what their business version offers or what they charge for it. But if you are a Drake user with a very limited # of clients who are willing to give you the source docs in a pdf format, $10/month is not a bad deal for the 4 months you may use it. You don't have to private brand it fancy. Just put your contact info.

[joelgilb]

For the same price of the Standard Portal Safe, you can get AFSB (www.afsb.com) to provide you a complete website, the same portal space on your website, monthly client newsletters and a host of calculators. For a one time fee you can even have them custom design it for you, or duplicate your current website (as I did).

Also, you will generally be able to get more than 2000 files on it if needed, but that applies to the 1gb on Portal Safe too.

[jshtax]

After the 15 second delay with input today and no sign of correction going forward I will most likely be leaving ATX. It took 3 hours to do a return today that should have taken no more than an hour.

[Guest Taxed]

Better now than in January??

[jshtax]

I have only seen delays of 3-4 seconds after getting our computers off the domain and making them peer to peer.

[Guest Taxed]

Unfortunately not too many business networks are peer to peer??

I bet if you ran it on a standalone computer the speed would improve.