Safe Ways to Share Completed Returns with Clients

After all the work of preparing a tax return, the last thing you want is for it to be intercepted on its way to your client. Completed returns contain Social Security numbers, income details, and other sensitive information that criminals would love to get their hands on. Using secure delivery methods protects your clients and your practice.

Why Regular Email Isn't Enough

Regular email transmits information in a way that can be intercepted at multiple points along its journey. Even if your email account and your client's account are secure, the message travels through various servers that might not be. Additionally, once the email arrives, it sits in the client's inbox, potentially for years, where it could be accessed if the account is ever compromised.

The IRS and professional standards require reasonable protections for client data. Regular email doesn't meet this standard for documents as sensitive as tax returns.

Client Portals: The Preferred Method

Secure client portals are the gold standard for sharing completed returns. The client logs into a protected website to view and download their documents. Transmission is encrypted, access requires authentication, and you have a record of when the client retrieved their files.

Most practice management systems include client portal functionality. If yours doesn't, standalone portal solutions are available. The small additional cost is worth the security improvement.

Encrypted Email Alternatives

If a client truly can't use a portal, encrypted email is a step up from regular email. Some services send the message normally but require the recipient to authenticate before opening sensitive attachments. Others create a secure web-based viewing experience.

The challenge with encrypted email is that it often requires clients to take extra steps. Make sure your clients understand how to access encrypted messages before you send important documents this way.

Password-Protected PDFs

Password-protecting PDF documents adds a layer of security, but it's not a complete solution. The protection is only as good as the password and how it's shared. Never email the password in the same message as the document—that defeats the purpose.

If you use password-protected PDFs, establish the password with your client through a different channel, such as a phone call. Use a password that isn't easily guessable from information about the client.

Physical Delivery Options

Physical delivery of printed returns hasn't disappeared entirely. Some clients prefer paper copies, and some situations call for in-person delivery. If you're mailing documents, use sealed envelopes that would show evidence of tampering. For very sensitive deliveries, consider certified mail or delivery services with tracking.

When clients pick up documents in person, verify their identity before handing over returns. This seems obvious but becomes important if you have a busy front desk where staff might not know every client by sight.

Client Education

Help clients understand why you use secure methods and how to access their documents. A brief explanation of security benefits can overcome resistance from clients who find portals inconvenient. Most clients appreciate knowing their information is protected once they understand the risks.

Provide clear instructions for portal access, including what to do if they have trouble logging in. The easier you make it, the less friction you'll encounter.

Consistent Application

Whatever method you choose, apply it consistently. Security gaps often occur when convenience is allowed to override protocol in individual cases. If every return is delivered securely, you don't have to make case-by-case decisions under time pressure during tax season.