(GAPP). This document supersedes the AICPA and CICA Privacy Framework. Using GAPP, CPAs can help organizations design and implement sound privacy practices and policies. These principles and criteria were developed and updated by volunteers who considered both current international privacy regulatory requirements and best practices. These principles and criteria were issued following the due process procedures of both institutes, which included exposure for public comment. The adoption of these principles and criteria is voluntary.
|Generally Accepted Privacy Principles and Criteria
GAPP is designed to assist management in creating an effective privacy program that addresses their privacy obligations, risks, and business opportunities.
The privacy principles and criteria are founded on key concepts from significant local, national, and international privacy laws, regulations, guidelines, and good business practices. By using GAPP, organizations can proactively address the significant challenges that they face in establishing and managing their privacy programs and risks from a business perspective. GAPP also facilitates the management of privacy risk on a multi-jurisdictional basis.
Download the Executive Overview of GAPP to start using GAPP.
GAPP provides criteria and related material for protecting the privacy of personal information and can be used by certified public accountants (CPAs) in the United States and chartered accountants (CAs) in Canada, both in industry and in public practice, to guide and assist the organizations they serve in implementing privacy programs. GAPP has been developed from a business perspective, referencing some, but by no means all, significant local, national, and international privacy regulations. GAPP is the intellectual capital and body of knowledge that provides the foundation for CPA and CA-related privacy advisory and assurance services.
The CPA and CA practitioner version is identical to GAPP with the exception of appendix B, "CPA and CA Practitioner Services Using Generally Accepted Privacy Principles," and appendix C, "Illustrative Privacy Examination and Audit Reports." These additional appendixes are intended primarily to assist CPAs and CAs in public practice in providing privacy services to their clients.
Questions and comments on GAPP should be sent to Susan Pierce, Manager, Information Management and Technology Assurance, or Nicholas Cheung, CICA, Principal, Assurance Services Development.