New Guidance to Help Businesses Comply With Privacy Laws

CPAs seeking to help their clients and employers understand privacy legislation and adopt good privacy practices may turn to new guidance developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

The guidance, called the AICPA/CICA Privacy Framework, is available at www.aicpa.org/privacy. In a public statement this week, Ontario’s Information and Privacy Commissioner endorsed the Framework, calling it “the first of its kind.”

The AICPA and CICA designed the Framework to serve as the body of fundamental knowledge for CPA-related privacy advisory and assurance services. It incorporates concepts from major domestic and international privacy laws. The Framework may be used to conduct advisory engagements, as well as independent attestation of an organization’s privacy practices.

“For months businesses have been asking me what tools are available to them to assess whether their privacy practices are effective and legally compliant,” said Dr. Ann Cavoukian, the Ontario Commissioner. “When the Canadian Institute of Chartered Accountants approached me about the new joint program with the AICPA to provide independent reviews and attestations on an organization’s privacy practices, I was delighted to help them get it up and running.”

The AICPA welcomed the Commissioner’s support.

“Commissioner Cavoukian’s endorsement of our privacy-compliance efforts will benefit U.S. companies doing business in Canada and CPAs practicing there,” said Alan Anderson, AICPA Senior Vice President – Member and Public Interest. “Moreover, it recognizes that CPAs possess the necessary skills to implement effective privacy practices in any organization.”

The Framework was written by the AICPA/CICA Privacy Task Force. Everett Johnson, Chair of the task force and retired partner with Deloitte & Touche, said that CPAs in both public practice and industry would benefit from using the Framework. For those in public practice, it provides a set of guidelines for offering services to their clients including privacy strategic and business planning, benchmarking, and independent verification, among others.

Kenneth Askelson, task force Vice Chair and audit manager with JC Penney, added that for CPAs in industry, the Framework provides a structure for enhancing their value to their employers by offering privacy-related advisory services and performing internal assessments.


Already a member? log in here.

Editor's Choice

Upcoming CPE Webinars

Dec 3The materials discuss the concepts and principles in the AICPA’s new special purpose framework.
Dec 8Kristen Rampe will cover how to diffuse the tension in challenging situations in this one-hour webinar.
Dec 9A key component to improving your firm’s workflow efficiency while enhancing your profitability at the same time is how you leverage emerging technologies.
Dec 16Kristen Rampe will give tips on how to bring confidence into the room and build a valuable network.