Data Security & Confidentiality Policy

Data Security & Confidentiality Policy

Effective Date: April 1, 2025

Keshav Prem and Associates, PC is committed to safeguarding the confidentiality, integrity, and availability of client data. We recognize the sensitive nature of the personal and financial information we handle and have implemented robust policies and procedures to protect such data from unauthorized access, disclosure, alteration, and destruction.

1. Scope

This policy applies to all employees, contractors, systems, and processes that handle client information within the firm.

2. Data Collection and Classification

  • We collect only the information necessary to perform accounting, tax, and advisory services.
  • All client data is classified as confidential and treated with the highest level of protection.

3. Access Control

  • Access to client data is limited to authorized personnel only, based on their role and responsibilities.
  • All systems require user authentication and utilize secure passwords and, where possible, two-factor authentication.

4. Data Encryption

  • All sensitive data is encrypted during transmission and storage using industry-standard encryption protocols (e.g., SSL/TLS, AES-256).
  • Cloud storage providers used by the firm must meet appropriate security compliance standards such as SOC 2 or ISO 27001.

5. Physical Security

  • Physical files are stored in locked cabinets and access-controlled office environments.
  • Visitors to our offices are required to sign in and be escorted by a staff member at all times.

6. Confidentiality Agreements

  • All staff members and contractors are required to sign confidentiality and non-disclosure agreements.
  • Regular training is conducted to ensure awareness of confidentiality obligations.

7. Data Retention and Disposal

  • Data is retained in accordance with our Document Retention Policy.
  • Upon expiration of the retention period, data is securely destroyed using appropriate data destruction methods.

8. Incident Response

In the event of a data breach or security incident, we will promptly investigate and notify affected parties and authorities in accordance with applicable laws.

9. Client Responsibilities

  • Clients are encouraged to use secure methods to transmit documents (e.g., our client portal, encrypted email).
  • Clients should notify us immediately of any suspected unauthorized use of their information.

10. Policy Review

This policy is reviewed annually and updated as necessary to reflect changes in technology, legal requirements, or our business operations.

Contact Information

If you have questions about this policy, please contact:
Keshav Prem and Associates, PC
4260 Westbrook Dr, Suite 107
Aurora, IL 60504
Phone:  Pl see the home page at www.premcpa.com           
Email: Pl see the home page at www.premcpa.com