For many business owners, the relationship with their accountant is built on years of trust and shared financial history. Yet, even the most established partnerships can be undermined by poor communication or mishandling of sensitive data. When your accountant becomes unresponsive or fails to protect your confidential information, the consequences can be far-reaching—regulatory penalties, reputational harm, and financial loss. This article explores the legal duties accountants owe, how to spot problems, and the steps you can take if things go wrong.

2. The Legal and Professional Duty of Confidentiality

Accountants are bound by statutory obligations under the Data Protection Act 2018 and GDPR, as well as professional codes from bodies like ICAEW and ACCA. These rules require accountants to process personal data lawfully, securely, and only for agreed purposes. Breaching these duties—such as sharing your financial statements with a third party without consent—can trigger regulatory investigations and disciplinary action.

Example: Your accountant sends your profit and loss statement to a lender without your written approval. This is a clear breach of GDPR and professional standards, exposing both you and the accountant to risk.

3. Common Breaches and Communication Failures

Breaches of confidentiality can take many forms. Unauthorised disclosure might occur if an accountant emails your tax return to the wrong recipient, discusses your affairs with someone outside your business, or shares data with HMRC without proper authority. Mishandling data is another risk: storing files on unsecured devices, failing to encrypt sensitive documents, or leaving paperwork in public areas.

Communication failures are equally damaging. Chronic unresponsiveness—emails and calls going unanswered, vague or incomplete advice, or missed deadlines due to poor communication—can lead to missed reliefs, late filings, and even HMRC investigations.

Example: You repeatedly ask your accountant for clarification on a new VAT rule, but receive only generic responses. As a result, you apply the rule incorrectly and face a penalty.

4. Technical Steps to Identify and Document Issues

If you suspect a breach or are frustrated by poor communication, act promptly. Send a written request for an explanation or correction, and keep a record of all correspondence. Under GDPR, you can submit a subject access request to see what data your accountant holds and how it’s been used. If they fail to respond within one month, this is itself a breach of data protection law.

Example: You email your accountant requesting all records of your personal data. If they ignore your request or refuse to comply, you have grounds to escalate the issue to the ICO.

5. Escalating the Issue: Complaints and Legal Remedies

If direct requests don’t resolve the problem, you can escalate matters. Filing a complaint with your accountant’s professional body—such as ICAEW or ACCA—can trigger a formal investigation into breaches of confidentiality or poor service. For data breaches, report the incident to the Information Commissioner’s Office (ICO), which has the authority to investigate and impose fines.

If you’ve suffered financial loss, you may also have grounds for a legal claim for breach of contract or negligence.

Example: After a data breach, you file a complaint with ICAEW and report the incident to the ICO. The accountant faces disciplinary action and your business receives compensation for the loss.

6. Protecting Your Business: Preventative Measures

Prevention is always preferable. Insist on written agreements that clearly set out confidentiality and communication standards before engaging an accountant. Review your accountant’s data protection policies annually, and ask for evidence of staff training in GDPR compliance.

Example: You request a copy of your accountant’s internal data protection policy and confirm that all staff handling your account have completed GDPR training. This reduces the risk of accidental breaches and shows you take data security seriously.

7. Seeking Compensation for Losses

If a breach or communication failure causes financial harm, you may be entitled to compensation. Calculate both direct losses (such as regulatory fines or lost contracts) and indirect losses (like reputational damage).
Options include mediation, formal complaints to professional bodies, or legal action for breach of contract or negligence.

Example: Your accountant’s data breach leads to a lost client and a fine from the ICO. You document the losses and recover damages through a formal complaint and, if necessary, a claim in the small claims court.

8. Conclusion

Long-term relationships with accountants should be built on trust, clear communication, and robust data protection. If your accountant falls short, act quickly—document everything, escalate appropriately, and protect your business interests.

Regular reviews and written agreements are your best defence against future problems. Don’t hesitate to set high standards and hold your accountant accountable if they fail to meet them.

Disclaimer:
This material is for general information only and does not constitute medical, financial, tax, or legal advice. For guidance on your specific situation, consult a qualified professional.