Privacy-Focused Alternatives to Google Services for Tax Pros – Bloomberg Tax

Google, which started as a simple search engine in 1997, is now a major player in just about every facet of our digital lives. A commensurate increase in scrutiny has followed. From data privacy issues to antitrust claims, the Do No Evil company has been accused of myriad unsavory practices. On top of that, it has been known to somewhat abruptly cancel services and products.

Owing in part to these trials and tribulations, there are several services now seeking to draw customers away from Google. The chief value add in many of them is privacy: limited data collection and retention and improved encryption. This should be music to tax professionals ears, as it is incumbent on us to safeguard not only our own data but also our clients data. We dont keep our hard copy tax return documentation in a storage location where third parties have access, so why would we hold our digital retention to less stringent standards?

In light of this, please consider this short primer on privacy-focused alternatives to the Google offerings frequently used by tax professionals. Most of these services either wont have a free tier or have a free tier only for limited personal use. In many cases, they are substantially more expensive, especially for heavy users. One thing to note is that when youre not paying for a service, the company is monetizing the service somehow. And more often than not, youre a product being packaged and sold to an advertiser.

Googly Eyes on Cracked Sidewalk Making a Smiley Face

Photographer: Stock photo via Getty Images

If Google has one banner product, its the search engine. Truth be told, if youre using a modern browser, your connection is secure, and you arent signed in to a Google account that is keeping track of your search history, you dont have too much to worry about when performing the odd search here or there. All the same, if youre beefing up security at your house, and you install new locks on all the doors and a new alarm system, do you leave a window open just because its mostly out of reach?

The clear alternative to Google Search is DuckDuckGo, which doesnt track searches or tie an individual to a specific search query. And the search results are pretty darn good. DuckDuckGo has been around since 2008 and sees about 3 billion monthly searches. It monetizes by showing ads tied to the individual search that is performed rather than by assembling a dossier on a user and showing ads relevant to the users perceived interests.

Nonetheless, care should be taken when running searches that contain identifiable information for a client. Thought should be given as to what kind of picture could be painted by an aggregation of all the searches you run that contain a given clients nameyour research might be giving more away than you realize.

If Google has a product that rivals its search in ubiquity, its Gmail. Privacy-focused folks may remember that in 2017, Google had a bit of a scandal when it was revealed the company scanned the content of emails to better target advertisements to customers. For ordinary email users, that is a privacy violation. For professionals who may have other peoples personal and financial information in their inboxes, that might be an ethics problem.

Luckily, there is no shortage of Gmail alternatives, and many have privacy as a top line feature. Among the most oft-recommended services is Tutanota, a service out of Germany that boasts end-to-end encryption. This means, at least in theory, no one can read the contents of your inbox. Similarly, Proton Mail encrypts everything related to your account and signs your emails using PGP (Pretty Good Privacy) keys so recipients can be certain an email from you is indeed an email from you.

When client data is sent by email, the email itself and any attachments that contain personal information should be encrypted and put behind a password, regardless of what email service you use. You dont know who may be listening in on the receiving end.

Google Sheets is a popular tool with folks who spend their days crunching numbers but has many of the same privacy concerns tied to other Google services. Someone who has access to your Gmail account has access to your Sheets and anything else stored in the larger Google Drive service. A spreadsheet that is accessible from any browser can be useful for tracking client data, and there are even templates for doing things like estimating quarterly tax paymentsbut convenience comes with a security tradeoff.

Many privacy-focused users are looking at services such as CryptPadnot just because it claims end-to-end encryption and is open source, but simply because keeping everything in the Google ecosystem seems a bit like that old saw about eggs and baskets. CryptPad allows users to remain completely anonymous, which may reduce ones risk of exposing client data in a targeted attack.

The use of Google Drive grants relatively permissive terms of use to Google for your documents. As free cloud hosts go, that isnt bad, but it may be a nonstarter for folks that need to store private or sensitive information. Additionally, and as mentioned above, the tying together of the various Google services behind one Google account is convenient but creates one point of entry for an attacker to gain access to your entire digital world.

Finding alternative private cloud providers to the big players (such as Google Drive, Microsoft OneDrive, and Dropbox) is not as simple as with email and spreadsheets. The big players are best in a position to provide storage services for rates that reflect their ability to pay for storage at scale. As such, the privacy-focused answer for using cloud storage is a bit different from the above.

As with all things, inexpensive storage comes with a tradeoff for tax professionals: file retention and destruction issues. The more cloud storage you have, the less motivated by space constraints you will be to periodically prune your client data, and that may be a problem when client data is retained for periods longer than necessary.

In sum, use one of the major players, but encrypt your data prior to uploading it and regularly delete client data you no longer need to retain. Cryptomator offers an open source and free tool that streamlines the process. The result isnt perfectwith enough time, any encryption method can be crackedbut its the best solution that isnt simply not using cloud services.

If the above hasnt convinced you to make a privacy move, at least make sure you are using a secure password for Google that isnt used anywhere else, and turn on two-factor authentication. If possible, do not have your two-factor authentication codes sent by SMS to your cellphone, and use a code-generating application like Google Authenticator or Authy. If you do use SMS to receive your codes, call your cellphone provider and ask for a PIN code on your account for all changes.

Finally, when handling sensitive informationespecially someone elsesbe thoughtful about when, where, and why you add a piece of data to the cloud. Best practices for data backup include local and off-site backups. Your clients wont thank you when their data isnt divulged in a breach, because that would be weird, but you can sleep soundly knowing that you arent going to have to have an uncomfortable conversation with them the next time a big breach makes the news.

This is a regular column from tax and technology attorney Andrew Leahey, principal at Hunter Creek Consulting and a sales suppression expert. Look for Leaheys column on Bloomberg Tax, and follow him on Twitter at @leahey.

Read more:

Privacy-Focused Alternatives to Google Services for Tax Pros - Bloomberg Tax