New Guidance to Help Businesses Comply With Privacy Laws
CPAs seeking to help their clients and employers understand privacy legislation and adopt good privacy practices may turn to new guidance developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
The guidance, called the AICPA/CICA Privacy Framework, is available at www.aicpa.org/privacy. In a public statement this week, Ontario’s Information and Privacy Commissioner endorsed the Framework, calling it “the first of its kind.”
The AICPA and CICA designed the Framework to serve as the body of fundamental knowledge for CPA-related privacy advisory and assurance services. It incorporates concepts from major domestic and international privacy laws. The Framework may be used to conduct advisory engagements, as well as independent attestation of an organization’s privacy practices.
“For months businesses have been asking me what tools are available to them to assess whether their privacy practices are effective and legally compliant,” said Dr. Ann Cavoukian, the Ontario Commissioner. “When the Canadian Institute of Chartered Accountants approached me about the new joint program with the AICPA to provide independent reviews and attestations on an organization’s privacy practices, I was delighted to help them get it up and running.”
The AICPA welcomed the Commissioner’s support.
“Commissioner Cavoukian’s endorsement of our privacy-compliance efforts will benefit U.S. companies doing business in Canada and CPAs practicing there,” said Alan Anderson, AICPA Senior Vice President – Member and Public Interest. “Moreover, it recognizes that CPAs possess the necessary skills to implement effective privacy practices in any organization.”
The Framework was written by the AICPA/CICA Privacy Task Force. Everett Johnson, Chair of the task force and retired partner with Deloitte & Touche, said that CPAs in both public practice and industry would benefit from using the Framework. For those in public practice, it provides a set of guidelines for offering services to their clients including privacy strategic and business planning, benchmarking, and independent verification, among others.
Kenneth Askelson, task force Vice Chair and audit manager with JC Penney, added that for CPAs in industry, the Framework provides a structure for enhancing their value to their employers by offering privacy-related advisory services and performing internal assessments.
Voice of the Editor
Which isn’t completely true. I mean, occasionally I drop by when I manage to sneak out of the nonstop frat party over at Going Concern, but I’m mostly a wallflower over there. I’m happy to say that I’ve been given express permission (or explicit orders, if you like) to wander over here to AccountingWEB more often.
Why is that, you might ask? My job is to replace the irreplaceable Gail Perry as Editor-in-Chief. What does that mean? I don’t really know! I think it’ll be fun getting a feel for things, throwing in my own thoughts here and there, and listening to the discussions you’re having about the accounting profession.