7 Days Free Trial

for Enterprise Subscriptions

Trusted by 250,000+ Professionals for Continuing Education

Create Your Account 1/2

Already have an account? Log In

First Name

Last Name

Phone

Company Name

Password

Confirm Password

Promo Code

I Accept MYCPE ONE Terms and Conditions

You can cancel anytime during your trial period.

Become a Valued Member of MYCPE ONE Professionals Community

Trusted by 250,000+ Professionals

"Steven was knowledgeable and thorough…”

Steven was knowledgeable and thorough in his information about the product and what is offered. He was empathetic to my situation. He went above and beyond answering all of my many questions. Excellent service!

Crystal lovejoy

"Great Customer Service”

Great service and very patient as I asked several questions. Steven answered all my questions and helped me make the right decision in my subscription purchase. Thank you.

Lori corry

"It is what it advertised to be”

It is what it advertised to be. Professional quality training and CPE tracking and certificates; systems knows AZ CPA CPE requirements and categories. I've needed help on several occasions and the assistance was quick and effective; however, there were some problems with data entry. The assistance sometimes asks for input, but when I try to type it is dissallowed for some reason. On several occasions I had to close the popup to get it out of my way.

Brian Carey

"Great customer service”

Great customer service. Classes are pertinent. Great value

Steve

1/4

Create Your Free Account

First Name

Last Name

Email Address

Password

Confirm Password

Continue

Already have an account? Log In

Card No.

Card Holder Name

Expiry Date

CVV

Address

Address 2 (Optional)

Zip Code

I Accept MYCPE ONE Terms and Conditions

Guaranteed safe & secure checkout

Pay $199

Offshore Accounting

Freelancers, Compliance, and Client Data: A Conversation Tax Firms Need to Have

Amrit Singh

Published on: Feb 09, 2026
316

This article wasn’t written overnight.

It came together after many internal discussions, research, and real conversations with accounting firms - especially firms navigating capacity issues and leaning more heavily on freelancers and independent contractors.

Let’s be clear upfront:

This is not an anti-freelancer piece.

The gig economy has created real opportunities. Many freelancers are skilled, ethical, and hardworking professionals. We want that ecosystem to grow.

But growth brings responsibility - especially in tax and accounting, where client data protection isn’t optional.

What often gets missed in the freelancer conversation is not talent, but compliance reality.

Section 7216: Consent Is Only the Beginning

Most firms understand the headline rule under IRC Section 7216:

If you disclose tax return information to a third party, you need taxpayer consent.

But here’s where it gets complicated.

That consent must clearly identify:

Who is receiving the data
Where they are located
What information is being shared
Why it’s being shared

Now ask yourself a simple question:

If you’re working with an individual freelancer - possibly offshore - what exactly are you listing on that consent?

A personal name?
A changing subcontractor?
A Gmail address?
A person who may outsource further without your visibility?

Section 7216 assumes a level of defined, stable, identifiable service providers. Freelancer arrangements often aren’t structured that way - even when intentions are good.

Consent becomes harder to defend when the “service provider” is fluid.

AICPA Due Diligence: Designed for Vendors, Not Individuals

AICPA guidance expects firms to perform due diligence on service providers.

That usually includes:

Understanding the provider’s control environment
Reviewing data security policies
Evaluating background checks and access controls
Assessing ongoing monitoring procedures

Now let’s pause and be honest.

If the “vendor” is an individual freelancer or a two-person operation:

What documented controls exist?
What formal security policies are in place?
Who audits or reviews their practices?
What happens if that individual disappears tomorrow?

AICPA frameworks were written with vendors and organizations in mind - not loosely structured individual contractors.

Trying to force-fit freelancers into that checklist often leaves uncomfortable gaps.

WISP: It’s Not Just Yours - It’s Theirs Too

Most firms now have a Written Information Security Program (WISP) because they’re required to.

But here’s the critical detail that often gets overlooked:

Your WISP must account for service providers who access or store client data.

That means:

You must evaluate whether their safeguards align with your WISP
You must document that assessment
You must monitor compliance

So ask the uncomfortable but necessary question:

Does your freelancer have:

A documented WISP?
Defined incident response procedures?
Formal access controls?
Device security standards?

In most cases, the answer isn’t “no” because they’re careless - it’s “no” because they were never built to operate like a regulated service provider.

FTC Safeguards Rule: The Global Complication

The FTC Safeguards Rule raises the bar even further.

If you use a service provider - especially one outside the U.S. - the rule expects you to:

Ensure they implement appropriate safeguards
Contractually obligate them to protect data
Monitor their compliance over time

This isn’t optional.

And it’s not lightweight.

For large vendors, this is standard. For freelancers or small offshore setups, it’s often unrealistic.

Not because they don’t care - but because they don’t have the infrastructure, legal framework, or resources to meet it.

The Core Issue Isn’t Trust - It’s Structure

Most compliance failures don’t come from bad actors.

They come from misaligned operating models.

Freelancers are optimized for:

Flexibility
Speed
Cost efficiency

Regulatory frameworks are optimized for:

Documentation
Repeatability
Accountability
Auditability

Those two worlds don’t naturally align.

A Balanced Reality Check

None of this means:

Freelancers shouldn’t exist
Firms shouldn’t ever use freelancers
The gig economy is a problem

It simply means that compliance doesn’t scale casually.

As client expectations rise and regulators tighten scrutiny, firms have to ask:

Can this model withstand an audit?
Can it survive a data incident?
Can it be clearly explained to a client?

Those are business questions - not moral judgments.

Final Thought

This blog isn’t a verdict. It’s an invitation to reflect.

If your firm is using freelancers today, it may be working - and working well.

But the most resilient firms periodically step back and ask:

Are we compliant by design… or by assumption?

That distinction matters - not just for regulators, but for the clients who trust you with their most sensitive information.

About the Author

Amrit Singh

Amrit Singh is a business leader with 10+ years of experience in continuing education. Helping accounting, tax, and finance professionals stay compliant with ease, he began his journey as a consultant. Learning across industries before stepping into a leadership role, he is shaped by both successes and failures. Amrit is passionate about problem-solving, building products, exploring technology, and mentoring future leaders. He is dedicated to transform continuing education, making it simpler, smarter, and more meaningful. Through his blogs and talks, he shares insights on accounting careers, CPA compliance, and the future of continuing education.

Table of Contents