CPAs seeking to help their clients and employers understand privacy legislation and adopt good privacy practices may turn to new guidance developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
The guidance, called the AICPA/CICA Privacy Framework, is available at www.aicpa.org/privacy. In a public statement this week, Ontario’s Information and Privacy Commissioner endorsed the Framework, calling it “the first of its kind.”
The AICPA and CICA designed the Framework to serve as the body of fundamental knowledge for CPA-related privacy advisory and assurance services. It incorporates concepts from major domestic and international privacy laws. The Framework may be used to conduct advisory engagements, as well as independent attestation of an organization’s privacy practices.
“For months businesses have been asking me what tools are available to them to assess whether their privacy practices are effective and legally compliant,” said Dr. Ann Cavoukian, the Ontario Commissioner. “When the Canadian Institute of Chartered Accountants approached me about the new joint program with the AICPA to provide independent reviews and attestations on an organization’s privacy practices, I was delighted to help them get it up and running.”
The AICPA welcomed the Commissioner’s support.
“Commissioner Cavoukian’s endorsement of our privacy-compliance efforts will benefit U.S. companies doing business in Canada and CPAs practicing there,” said Alan Anderson, AICPA Senior Vice President – Member and Public Interest. “Moreover, it recognizes that CPAs possess the necessary skills to implement effective privacy practices in any organization.”
The Framework was written by the AICPA/CICA Privacy Task Force. Everett Johnson, Chair of the task force and retired partner with Deloitte & Touche, said that CPAs in both public practice and industry would benefit from using the Framework. For those in public practice, it provides a set of guidelines for offering services to their clients including privacy strategic and business planning, benchmarking, and independent verification, among others.
Kenneth Askelson, task force Vice Chair and audit manager with JC Penney, added that for CPAs in industry, the Framework provides a structure for enhancing their value to their employers by offering privacy-related advisory services and performing internal assessments.