Privacy Considerations in Integrating Data

E-Bitz: With Susan Bradley

By: Susan Bradley, CPA.CITP, MCP, GSEC

A client walks in the door of the accounting office, and his RFID tag alerts the scanning system that his home address has changed.

Immediately, the client authenticator system goes into action, alerting the client time and billing system, adjusting the address in the tax software, updating the customer relationship database and, finally, notifying the IRS of the change of address. The IRS then contacts the U.S. Postal Service to ensure the address is updated, while the school district database checks to see if the client still qualifies to send his children to their current schools. By the end of the tax interview, the Social Security Administration has also been notified of the home address change.

Obviously, this scenario never happens in real life, but Top Technology Initiative Number 12, “Improved Application and Data Integration,” raises the question of where the boundaries of data lie. We want technologies such as Web Services, .NET, XML and SOAP (Simple Object Access Protocol) to make it easier for diverse databases to talk to one another. We may even want the databases inside our networks to talk to cloud-based databases. How far, however, should that communication go, and is this something your clients/customers need to be informed of?

Think in terms of our most basic needs. We want to be able to update the contact information in our email/contact/CRM platform (for most of us, Microsoft Outlook) and have it populate to the tax software. Sounds reasonable – and an issue where you would not need to get any pre-approval from your clients, right? What if your firm has a separate division that perhaps sells some sort of services? What if your firm outsources part of the duties to another firm? What responsibilities do you have both in terms of setting a privacy policy, as well as informing your clients of a privacy policy when deploying technologies that seamlessly integrate data across different databases?

To begin to consider the impact to your organization’s privacy policy, begin first with the AICPA’s Privacy Resources, including Generally Accepted Privacy Principles (GAPP, a Global Privacy Framework) for businesses of all kinds and a version created just for CPAs in public practice. These are a must-read when considering the impact of application and data integration in your firm’s or company’s databases, as well as how you handle sensitive information.

At this point, stop and ask yourself: what is private to your clients? It may be something as mundane as their name. Do you ask if you can list them as a client on your firm’s Web site? Do you ensure their e-mail address is kept on a need-to-know basis, available only to those staff positions that need that information? Do you ensure that more personal information, such as birthdates and family information, is kept private? For many bank accounts, the mother’s maiden name is a key identifier. And, while it would be convenient for all of this information to sit in an immediately accessible-to-all database that cross-references every other database, should it?

Now think back to the information in your tax software. If it were synchronized immediately into the contact database of your network, do you currently have the ability to track and audit who has access to that information? Do you inform your clients in a mandated privacy policy of how you will maintain their information and dispose of it when the time comes?

Invariably, when I’ve reviewed data integration software, there have always been some sacrifices I’ve had to accept. Implementations of such synchronizations never quite work exactly how the salesman says they will work. As we start these implementations of data synchronization, we really should step back, stop and ask ourselves if all of the data actually needs to be synchronized. The more sensitive data you have replicated to more locations, the more you will need to ensure its safety and security.

Diverse applications also tend to need diverse solutions for securing them. If you synchronize data to cloud-based or mobile databases, such as customer relationship management databases on laptops, don’t forget to protect that mobile data. Encryption and auditability of access should be key requirements built into the systems you set up.

As an industry, the data we hold regarding our clients’ tax information, as well as the data we audit, can be very sensitive. As we design and implement integration of data between diverse applications, consider that we may not want to seamlessly integrate all of the data in all of the places. Select those synchronizations that make good privacy sense for you and your clients/customers.
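The selective synchronization and access auditing the column calls for, shown as an added example (this is not code from the column, from AICPA, or from any product mentioned): a small Python synchroniser that hands each destination application only the fields its policy allows, so that identifiers such as the SSN, birthdate and mother’s maiden name never leave the tax system, and that records every release in an audit trail that can later answer “who received what.” The destination names, field names, client record and actor are constructed for illustration; encryption of the transport or the mobile copy is assumed to be handled separately.

```python
"""Added example (not from the column or any vendor product): a data-minimising
synchroniser that pushes a client record from the tax system to other
applications, sending each destination only the fields it is allowed to hold
and recording an audit entry for every field released.
All destinations, fields and sample values are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set

# Per-destination allowlists: a destination receives nothing not listed here.
# Sensitive identifiers (ssn, date_of_birth, mothers_maiden_name) are
# deliberately absent from every downstream copy.
FIELD_POLICY: Dict[str, Set[str]] = {
    "crm":          {"client_id", "name", "email", "mailing_address"},
    "time_billing": {"client_id", "name", "mailing_address"},
    "laptop_crm":   {"client_id", "name", "email"},   # mobile copy: no address
}


@dataclass
class AuditEntry:
    """One record of which fields were released, to where, by whom."""
    when: str
    actor: str
    destination: str
    client_id: str
    fields: List[str]


@dataclass
class Synchroniser:
    policy: Dict[str, Set[str]]
    audit_log: List[AuditEntry] = field(default_factory=list)

    def project(self, record: dict, destination: str) -> dict:
        """Return only the fields `destination` is permitted to hold.
        An unknown destination is refused rather than given everything."""
        allowed = self.policy.get(destination)
        if allowed is None:
            raise ValueError(f"no field policy for destination {destination!r}")
        return {k: v for k, v in record.items() if k in allowed}

    def sync(self, record: dict, destination: str, actor: str) -> dict:
        """Project the record, log exactly what was released, return the projection."""
        out = self.project(record, destination)
        self.audit_log.append(AuditEntry(
            when=datetime.now(timezone.utc).isoformat(),
            actor=actor,
            destination=destination,
            client_id=record["client_id"],
            fields=sorted(out),
        ))
        return out

    def sync_all(self, record: dict, actor: str) -> Dict[str, dict]:
        """Synchronise one record to every destination covered by the policy."""
        return {dest: self.sync(record, dest, actor) for dest in self.policy}

    def who_received(self, field_name: str) -> List[str]:
        """Audit query: every actor@destination pair that ever received a field."""
        return sorted({f"{e.actor}@{e.destination}"
                       for e in self.audit_log if field_name in e.fields})


# Constructed sample record as it would sit in the tax software.
TAX_RECORD = {
    "client_id": "C-1001",
    "name": "Pat Example",
    "email": "pat@example.invalid",
    "mailing_address": "1 Main St, Fresno, CA",
    "ssn": "000-00-0000",
    "date_of_birth": "1970-01-01",
    "mothers_maiden_name": "Doe",
}

if __name__ == "__main__":
    s = Synchroniser(FIELD_POLICY)
    for dest, payload in s.sync_all(TAX_RECORD, actor="jsmith").items():
        print(dest, payload)
    print("ssn released to:", s.who_received("ssn"))          # []
    print("address released to:", s.who_received("mailing_address"))
```

The point of the allowlist is that the default is to withhold: a field that nobody wrote into a destination’s policy is never copied, and a destination nobody wrote a policy for is refused outright. The audit log captures the projection actually sent, not the intent, so the question in the column (can you track who has access to synchronized client data?) can be answered from the log alone.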

Top Technology Initiative #12: Improved Application and Data Integration

Use of existing and evolving technologies, such as Web services, .NET, XML and SOAP, to better integrate data between diverse applications. These processes allow organizations to select and seamlessly integrate data and functionality between “best of breed” applications. A common example is the ability to update a field in one application and have the change automatically synchronized with other applications. This may also include Service-Oriented Architecture (SOA), an application-level architecture that further enables interaction between disparate applications and data.

Susan E. Bradley, CPA.CITP, MCP, GSEC, is a principal with Tamiyasu, Smith, Horn and Braun in Fresno, Calif. Contact her at sbradcpa@pacbell.net. Note that the opinions expressed here do not reflect an endorsement or recommendation from AICPA.
Copyright © 2008 by the American Institute of Certified Public Accountants, Inc., New York, New York.