AICPA Publishes Generally Accepted Privacy Policies for Use by Business and CPAs

The American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have announced the recent release of Generally Accepted Privacy Principles (GAPP) – a Global Privacy Framework. The new GAPP is available in two versions, one for business and management and the other for CPAs in public practice that provide consulting and attestation services. This document supersedes the AICPA/CICA Privacy Framework published in 2003.

In developing the GAPP the AICPA and CICA expanded on the framework to address risk arising from international privacy considerations and outsourcing.

“Managing privacy risk can be even a more significant challenge for organizations operating in a multi-jurisdictional environment,” says Everett C. Johnson, CPA, chair of the AICPA’s Privacy Task Force and a retired partner with Deloitte & Touche LLP. “Organizations need to be aware of significant privacy requirements in all the jurisdictions in which the organization does business. In addition, the use of outsourcing, which allows businesses to focus on their core competencies while still meeting customer needs, raises significant additional privacy considerations.”

The new GAPP document includes a section that provides step-by-step guidance on how businesses and other entities can use the document. The document references domestic and international privacy regulations, incorporating complex privacy requirements into a single privacy objective supported by 10 privacy principles. Each principle is supported by objective, measurable criteria that need to be met. Examples of policy requirements, communications and controls, including monitoring controls are provided as support for the criteria.

The AICPA and CICA tracked the impact of the 2003 policy framework and found that it had been accepted and widely used:

  • As the basis for independent privacy audits by several large organizations,
  • By commercial entities in developing products and services, and
  • By business as a benchmark in creating internal privacy practices.

Several organizations worked in conjunction with the AICPA and CICA on the GAPP, including Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors. A downloadable version of “Generally Accepted Privacy Principles; A Global Privacy Framework”can be can be found at www.aicpa.org/privacy and www.cica.ca/privacy.

You may like these other stories...

No matter how much we may want to put them on hold, we all have projects at work we need to start, right? Well, according to a recent survey of human resources (HR) managers by Accountemps, the most productive day of the...
The Ethics Resource Center (ERC) has been conducting nationally representative surveys of ethical attitudes, knowledge, and beliefs in the US workforce since 1994. Its latest comprehensive report, 2011 National Business...
By Ken Berry, Correspondent  Traveling is often physically and mentally taxing. It can also be a taxing experience from, well, a tax perspective. According to a press release by the Global Business Travel...

Upcoming CPE Webinars

Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.