Skip to main content
photo of tax return forms

Does Your Tax Software Protect Your Personal Data?

The Lyon Firm is reviewing allegations of tax software data violations. We are investigating privacy complaints nationwide related to tracking tools used by TaxAct, TurboTax, TaxSlayer and H&R Block.

Popular online tax services like TurboTax, H&R Block, TaxAct and TaxSlayer have allegedly been using Meta’s Pixel tracking tool, and ultimately sending users’ sensitive contact and financial information to Facebook.

The companies use the Pixel to send data, which should require customer consent for such a sensitive data set, though virtually no online tax client has been aware that this has been taking place.

Perhaps due to the legal liability now brought to light over personal privacy, tax software companies are  in the process of changing their uses of the Meta Pixel. TaxSlayer has removed the tracking tool altogether, and others are assessing the legal challenges ahead.

It’s not certain if any of the online tax services misused or lost personal data yet, but they could still face penalties for gathering details without prior consent.

The Internal Revenue Service (IRS) requires tax prep firms to obtain signed consent for using personal data for any reason beyond basic tax filing. Reports have said the websites in question have generic disclosure agreements, but do not get too specific about the tracking tools they are using.

Meta is currently facing several lawsuits over the Pixel tracking tool, with plaintiffs claiming the company violated privacy laws by collecting hospital patient data without consent.

Joe Lyon is a highly-rated data breach lawyer and Privacy Attorney representing plaintiffs nationwide in class action data breach lawsuits.

Can You Sue a Tax Software Service?

Entities that collect and store data have a duty to protect personal information to the best of their ability. When they are negligent, and a data theft incident occurs, they may be liable for the following:

  • Improperly monitoring data security systems for existing intrusions
  • Not ensuring that vendors with access to computer systems and data employ reasonable security procedures
  • Improperly training employees in handling emails containing personal data and maintain adequate email security practices
  • Failure to implement technical policies and procedures to allow electronic data access only to individuals or software programs granted access rights
  • Failure to implement procedures to review records of information system activity regularly, such as audit logs, access reports and security incident tracking reports
  • Improperly protecting against reasonably anticipated threats or hazards to the security or integrity of stored data

Current and former tax software customers:

We would like to speak with you about your privacy rights and potential legal remedies in response to this data security incident. Please fill out the contact form, below, or contact us by phone.