Is encrypting a PDF enough to comply with data security requirements for CPAs?

Password encryption satisfies the 'encryption of transmitted data' control referenced in IRS Publication 4557 and AICPA cybersecurity guidance. It is one required layer among several — secure email, strong passwords, and access controls should accompany it. It is far preferable to sending unprotected attachments.

Should I use the same password for every client PDF?

No. Use a unique password per client or per engagement to contain exposure if one password is compromised. A password manager makes this practical at scale.

Can I batch-protect multiple client returns at once?

Deliteful supports multiple file uploads in a single session. Note that all files in a batch share the same password, so batch protection works best when sending a set of documents to a single client with one password.

What happens if a client loses the password to their protected return?

There is no recovery mechanism for PDF passwords — the document will be permanently inaccessible without the correct password. Always retain the unencrypted original in your document management system and only send encrypted copies externally.

Lock Down Client Tax Returns and Financial Statements Before Emailing

Emailing an unencrypted tax return or financial statement exposes client Social Security numbers, income figures, and account data to anyone with inbox access. Deliteful's PDF Protect tool lets CPAs and accountants add password encryption to any PDF in seconds.

Create free account

Accountants send hundreds of sensitive PDFs each tax season — Form 1040s, K-1s, financial statements, engagement letters. IRS Publication 4557 and most state CPA licensing boards recommend encrypting files that contain personally identifiable financial information before transmission. A password-protected PDF is the minimum expected control when sending these documents outside a secure portal.

With Deliteful, you upload the PDF, set a password, and download the encrypted file immediately — no plugin, no Acrobat Pro license required. One credit per file. The encrypted PDF is indistinguishable from the original in layout and content; the only difference is that the recipient must enter the correct password to open it. Share the password separately via phone or text, never in the same email as the document.

How it works

1
Upload the financial PDF
Select the tax return, statement, or report you need to send securely.
2
Set the user password
Choose a strong password — ideally unique per client — that you will communicate by phone or text.
3
Download the encrypted file
Deliteful returns the protected PDF instantly, ready to attach to your client email.
4
Send the password separately
Never include the password in the same email as the document — use a phone call, text, or secure message.

Frequently asked questions

Is encrypting a PDF enough to comply with data security requirements for CPAs?: Password encryption satisfies the 'encryption of transmitted data' control referenced in IRS Publication 4557 and AICPA cybersecurity guidance. It is one required layer among several — secure email, strong passwords, and access controls should accompany it. It is far preferable to sending unprotected attachments.
Should I use the same password for every client PDF?: No. Use a unique password per client or per engagement to contain exposure if one password is compromised. A password manager makes this practical at scale.
Can I batch-protect multiple client returns at once?: Deliteful supports multiple file uploads in a single session. Note that all files in a batch share the same password, so batch protection works best when sending a set of documents to a single client with one password.
What happens if a client loses the password to their protected return?: There is no recovery mechanism for PDF passwords — the document will be permanently inaccessible without the correct password. Always retain the unencrypted original in your document management system and only send encrypted copies externally.

Create your free Deliteful account with Google and protect your first client PDF before the next filing deadline.