Revised Generally Accepted Privacy Principles seek to curtail identity theft


Responding to a spike in identity theft and increasing storage of personal information on portable devices, the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants have expanded Generally Accepted Privacy Principles to include protocols for securing personal information.
Nearly 10 million Americans are victims of identity theft annually, according to the Federal Trade Commission. The estimated cost in 2008 was $48 billion. The rising incidence of corporate privacy breaches has resulted in a greater number of lawsuits, consumer backlash and regulatory actions, including fines. More than ever, customers today expect their personal data to be protected.
"Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether that information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association.  "We've updated the criteria of our privacy principles to minimize the risks to personal information." 
The AICPA/CICA Generally Accepted Privacy Principles are recognized by the Internal Revenue Service and other organizations. The privacy framework offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel and CPAs offering technology advisory services.
"Portable tools such as laptops, memory sticks, two-way pagers and smart phones provide convenience to employees, but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to ensure that proper measures are put into place to defend against new threats."
Created by the AICPA/CICA Privacy Task Force, Generally Accepted Privacy Principles are designed to help management assess existing privacy programs and address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or audits.
Several organizations worked in conjunction with the AICPA and CICA on Generally Accepted Privacy Principles, including ISACA and the Institute of Internal Auditors. The principles are available in two versions, one for business management and one for CPAs and CAs in public practice who provide consulting and attestation/audit services.
The mission of the Privacy Task Force is to examine the role CPAs and CAs can play in advising clients and employers about privacy issues and risks and to create a benchmark for good privacy practices.  Introduced in 2003, Generally Accepted Privacy Principles were updated previously in 2006.
Copies of the principles along with additional privacy resources are available at
