Accounting firms adopted AI tools faster than almost anyone predicted. For data privacy and AI, accounting professionals face multiple overlapping obligations — and the gap between AI enthusiasm and security awareness is widening.

A CPA pastes a client’s K-1 data into ChatGPT to draft a planning memo. A controller uploads a trial balance to an AI-powered analytics platform. A tax preparer runs a client’s Social Security number through a third-party AI tool to verify filing status. Each of these actions, done in seconds without a second thought, potentially violates federal law, professional conduct standards, or both.

The gap between AI enthusiasm and data security awareness is widening. And the consequences aren’t hypothetical.

Data Privacy and AI: The Professional Standards Accounting Professionals Must Follow

Multiple overlapping frameworks govern how accounting professionals handle client data, and every one of them applies when AI enters the picture.

The AICPA Code of Professional Conduct, Section 1.700.001, prohibits members in public practice from disclosing confidential client information without specific consent. When a practitioner enters client data into an AI tool, that data leaves the practitioner’s control. Depending on the tool’s terms of service, the AI provider may store, process, or use that data for model training. That’s a disclosure, whether intended or not (AICPA Code of Professional Conduct).

IRC Section 7216 adds a criminal dimension. Tax return preparers who disclose taxpayer information to third parties without consent face penalties. The statute doesn’t distinguish between disclosing data to a person and disclosing it to a software platform.

Then there’s the regulatory layer. The FTC Safeguards Rule (16 C.F.R. Part 314), issued under the Gramm-Leach-Bliley Act, classifies tax preparers as financial institutions. Every firm that prepares returns for compensation is required to maintain a Written Information Security Plan, or WISP. That requirement doesn’t scale based on firm size. Solo practitioners are covered (IRS Publication 4557).

How AI Creates Liability That Didn’t Exist Before

Traditional data security focused on keeping unauthorized people out. AI introduced a new vector: practitioners voluntarily sending client data outside secured environments.

The most common exposure points are deceptively mundane: pasting client financial data into a general-purpose AI chatbot, uploading documents containing personally identifiable information to cloud-based AI platforms without reviewing the provider’s data handling terms, using AI tools that retain conversation histories on shared devices, or auto-populating AI prompts with client identifiers when generic data would serve the same purpose.

None of these actions feel dangerous in the moment. That’s precisely why they create liability. The practitioner isn’t trying to breach confidentiality. But the professional standards don’t evaluate intent. They evaluate whether reasonable precautions were in place.

What ‘Reasonable Precautions’ Looks Like in Practice

Reasonable precautions appears throughout data security guidance but is rarely defined with the specificity practitioners want. In the context of AI tool usage, the standard translates into concrete practices.

First, understanding what happens to data after it enters an AI system. Does the provider store inputs? For how long? Can stored data be accessed by provider employees or used for model training? The answers vary dramatically across platforms and change with each terms-of-service update.

Second, classifying data before it enters any AI tool. Client names, Social Security numbers, EINs, and financial account numbers are never appropriate inputs for general-purpose AI tools. Anonymized or synthetic data can often achieve the same result without the compliance risk.

Third, maintaining documentation. If a firm uses AI tools in client work, the firm’s WISP and internal policies are expected to reflect that usage. IRS Publication 4557 emphasizes that firms facing a data breach will be evaluated on whether they had documented processes in place and whether those processes were current, communicated to staff, and enforced.

The COSO Framework Enters the Picture

In February 2026, COSO published Achieving Effective Internal Control Over Generative AI, the first major governance framework mapping AI-specific risks to the widely used Internal Control Integrated Framework. The guidance organizes AI use cases into categories like data ingestion, automated processing, and insight generation, each with tailored control expectations (Journal of Accountancy).

For accounting firms, the practical takeaway is significant. External auditors are already referencing this guidance when evaluating AI-related controls. Firms that haven’t formalized their AI governance are operating without a framework that their auditors may expect them to have.

One key principle from the COSO guidance: generative AI outputs are probabilistic, not deterministic. Organizations are expected to treat AI-generated outputs as assertions requiring validation, not as reliable facts. In an accounting context, that means AI-drafted memos, calculations, or client communications all require human review before they go anywhere.

Cloud-Based vs. Locally Hosted: A Different Risk Profile

The cybersecurity risk differs meaningfully depending on how AI tools are deployed. Cloud-based AI tools transmit data to external servers, meaning the firm’s data security perimeter no longer applies. The provider’s security practices become the relevant standard, and few firms evaluate those practices before adoption.

Locally hosted AI models, by contrast, process data within the firm’s own infrastructure. No client data leaves the environment. The tradeoff is cost and technical complexity, but the compliance profile is dramatically simpler. For firms handling sensitive client data at scale, that tradeoff increasingly favors local deployment.

Documentation as Defense

The firms that fare best in data breach investigations aren’t always the ones that prevented every incident. They’re the ones that can demonstrate a documented, enforced, and current security program. IRS Publication 5708 provides a sample WISP template specifically designed for tax professionals (IRS Publication 5708).

For firms integrating AI into their workflows, the documentation burden extends beyond the standard WISP. It includes an inventory of AI tools in use, a classification of what data types are permitted in each tool, documented review procedures for AI-generated outputs, and evidence of staff training on AI-specific data handling.

The regulatory environment is still catching up to AI adoption speed. But the professional obligations aren’t new. Confidentiality, data security, and reasonable precautions have been foundational standards for decades. AI just made it easier to violate them accidentally.

Data privacy and AI obligations for accounting professionals aren’t new standards — confidentiality and reasonable precautions have been foundational for decades. Surgent CPE’s Privacy, Data Security, and AI: Reasonable Precautions in an Unreasonable World (DSA2) covers modern confidentiality and data security obligations for accounting professionals using AI tools, including the strategic pause framework and practical guidance for responsible adoption.