- You don’t have local admin.
TurboTax requires1 it and you probably don’t have it, nor should you.
Admins take away local admin because users frequently don’t look before clicking and because users install things they shouldn’t, possibly introducing malware or putting their organizations at risk of license violations.
- You just saved, on a device you don’t own, your sensitive personal information.
Enough of your (and your family’s) sensitive personal information2 that even a mildly competent criminal would find it easy to exploit. And you saved it for them all in one spot. With pointers to it.
There are methods to encrypt this file and make it harder for them to exploit it. But it’s still possible.
Oh, and that PDF you saved, just in case? It has everything the criminal needs, too.
- You don’t have a reasonable expectation of privacy when using their computer.3
Check your company handbook, HR manual or whatever you signed. It might even be stated that simply.
- Your tax return has now left your control and been copied to your company’s backup system.
That might be onsite at your corporate offices, it might be “in the cloud” somewhere, it might be on tapes that your admin takes home on the weekends. Wherever it has gone, it’s probably well-protected,4 but it’s now been replicated to multiple places and will probably never truly be erased.
By design, at least, it will be around for years, perhaps long after you’ve moved on.
- You don’t own that computer. (Or its contents.) And you probably can’t take it with you.
Some employers will let you collect “your” files when you move on, but many will walk you right out the door. Sometimes we leave on our own terms and other times we don’t. With the median number of tenure years just over four,5 why risk putting your data on your employer’s gear?
(And you didn’t use your company’s email address to register the software, did you?)
What should you do instead?
- Use your own computer.
- Use TurboTax’s online edition.
- Sign up for a Gmail account.6
- Sharpen your pencil.
Any other thoughts?
- See “Administrator Rights In Windows 7 And Vista – Turbotax Support“. Web. 8 Feb. 2017. ↩
- See NIST’s “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)” (pdf). Web. 8 Feb. 2017. ↩
- In all fairness to your busy admins, there aren’t enough hours in the day to go looking for this stuff just for fun. But there are applications that scan for these bits of sensitive personal information periodically and flag it as part of your company’s privacy program. And they work. ↩
- That’s one of the reasons admins do backups—to provide protection for the company’s assets. ↩
- See U.S. Bureau of Labor Statistics’ “Employee Tenure in 2016“. Web. 8 Feb 2017. ↩
- Gmail is reported to still have lots of addresses. ↩