Privacy Services

    Privacy Services 

    The American Institute of Certified Public Accountants (AICPA) has developed a series of assurance and advisory services. These services are focused on building trust and confidence in businesses and are a natural extension of the CPA's auditing and information technology consulting functions. One of the services is focused on privacy of personal information. The AICPA and CPA Canada have formed the AICPA/CPA Canada Privacy Task Force, which has developed privacy best practices and related services to help organizations manage privacy risk and implement good privacy practices. 

    Visit the Frequently Asked Questions About Privacy Services page for additional information.

    Privacy Responsibilities of Businesses

    The key to privacyBusinesses are responsible for identifying the principal risks of the business and implementing appropriate measures to mitigate those risks. To determine the significance of privacy risk, it is important to conduct a privacy risk assessment. The results of that assessment will dictate whether, and to what extent, a privacy program should be established.

    Personal information privacy risk can have a pervasive impact on a business. For example, it can lead to:

    damage to the reputation of the business and to business relationships;
    legal liability and sanctions;
    charges of deceptive business practices;
    customer and employee distrust;
    denial of consent to use personal information for business purposes; and
    lost business and consequential reduction in sales and profits.

    This booklet highlights key questions a business should ask with the aim of understanding privacy risk, implementing a privacy program, managing privacy risk and obtaining privacy assurance.

    Privacy Risk Assessment Questionnaire
    This questionnaire highlights key questions businesses should ask with the aim of understanding privacy risk, implementing sound privacy policies and practices, managing privacy risk, and obtaining privacy assurance.


    Records Management

    A stack of file folders with company records

    Nancy A. Cohen, CPA.CITP, CIPP discusses the considerations for safeguarding personally identifiable information. As systems and processes become more complex and sophisticated, ever more personal information are being collected. Because more data is being collected and held, personal information may be at risk to a variety of vulnerabilities, including loss, misuse, unauthorized access, and unauthorized disclosure.

    A Privacy Checklist for CPA Firms

    This checklist provides CPA firms with practical illustrations of selected GAPP in order to maintain privacy best practices within their organizations.


    Additional Resources

    Outsourcing and Privacy: 10 Critical Questions Top Management Should Ask

    This article discusses the 10 critical questions management should ask about outsourcing and discusses specific privacy concerns associated with outsourcing.

    Sample Employee Privacy Notice

    Use this example letter of a employee privacy notice when reviewing or assisting with the preparation of a privacy policy.

    Copyright © 2006-2014 American Institute of CPAs.