Trust is the foundation of any long-term relationship with your accountant. When you hand over sensitive financial data, you expect it to be handled with care and discretion. Yet, breaches of confidentiality or persistent communication failures can expose your business to reputational harm, regulatory penalties, and financial loss. This article explores the legal duties accountants owe, how to spot problems, and the steps you can take if things go wrong.

2. The Legal Duty of Confidentiality

Accountants are bound by both statutory and contractual obligations to protect client information. Under the Data Protection Act 2018 and GDPR, they must process personal data lawfully, securely, and only for agreed purposes. Professional codes (such as those from ICAEW and ACCA) reinforce these duties, requiring accountants to maintain strict confidentiality unless legally compelled to disclose information.

Example: Your accountant shares your profit and loss statement with a third party—perhaps a lender or another client—without your written consent. This is a clear breach of both GDPR and professional standards, and could result in regulatory action or a claim for damages.

3. Common Breaches and Their Impact

Breaches can take many forms. Unauthorised disclosure might occur if an accountant emails your tax return to the wrong recipient, or discusses your affairs with someone outside your business. Mishandling data is another risk: storing files on unsecured devices, failing to encrypt sensitive documents, or leaving paperwork in public areas.

Example: An accountant leaves client files on a shared office drive accessible to all staff, including those not working on your account. If those files contain personal data, this is a reportable data breach under GDPR and could trigger an investigation by the Information Commissioner’s Office (ICO).

4. Communication Breakdowns: Signs and Consequences

Communication failures are often less dramatic but just as damaging. If your accountant routinely ignores emails, fails to return calls, or provides vague answers to technical questions, you may miss critical deadlines or misunderstand your tax position. Poor communication can lead to late filings, missed reliefs, or even HMRC investigations.

Example: You repeatedly ask your accountant for clarification on a new VAT rule, but receive only generic responses. As a result, you apply the rule incorrectly and face a penalty.

5. Technical Steps to Address Breaches and Poor Communication

If you suspect a breach or are frustrated by poor communication, act promptly. Send a written request for an explanation or correction, and keep a record of all correspondence. Under GDPR, you can submit a subject access request to see what data your accountant holds and how it’s been used. If they fail to respond within one month, this is itself a breach of data protection law.

Example: You email your accountant requesting all records of your personal data. If they ignore your request or refuse to comply, you have grounds to escalate the issue to the ICO.

6. Escalating the Issue: Complaints and Legal Remedies

If direct requests don’t resolve the problem, you can file a complaint with the accountant’s professional body. ICAEW and ACCA have formal procedures for investigating breaches of confidentiality or poor service. For data breaches, report the incident to the ICO, who can investigate and impose fines. If you’ve suffered financial loss, you may also have grounds for a legal claim.

Example: After a data breach, you file a complaint with ICAEW and report the incident to the ICO. The accountant faces disciplinary action and your business receives compensation for the loss.

7. Protecting Your Business: Preventative Measures

Prevention is far easier than cure. Insist on written agreements that clearly set out confidentiality and communication standards before engaging an accountant. Review your accountant’s data protection policies annually, and ask for evidence of staff training in GDPR compliance.
Example: You request a copy of your accountant’s internal data protection policy and confirm that all staff handling your account have completed GDPR training. This reduces the risk of accidental breaches and shows you take data security seriously.

8. Seeking Compensation for Losses

If a breach or communication failure causes financial harm, you may be entitled to compensation. Calculate both direct losses (such as regulatory fines or lost contracts) and indirect losses (like reputational damage).
Options include mediation, formal complaints to professional bodies, or legal action for breach of contract or negligence.

Example: Your accountant’s data breach leads to a lost client and a fine from the ICO. You document the losses and recover damages through a formal complaint and, if necessary, a claim in the small claims court.

9. Conclusion

Long-term relationships with accountants should be built on trust, clear communication, and robust data protection. If your accountant falls short, act quickly—document everything, escalate appropriately, and protect your business interests.

Regular reviews and written agreements are your best defence against future problems. Don’t hesitate to set high standards and hold your accountant accountable if they fail to meet them.

Disclaimer:
This material is for general information only and does not constitute medical, financial, tax, or legal advice. For guidance on your specific situation, consult a qualified professional.