Security and Privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information. Security and Privacy is a risk management issue for all organizations, and many are looking to CPA firms for solutions.
CPAs are adept at performing comprehensive risk assessments for businesses and developing risk management solutions that can give companies competitive marketplace advantages.
Security and Privacy is included in these risk assessments, and CPAs use a universal framework of best practices against which the company's privacy policies can be examined. CPAs can provide guidance to the organizations they serve by using the Generally Accepted Privacy Principles (GAPP) to help assess their privacy-related risks as well as to develop sound privacy policies and practices.
Visit the Privacy Resources page for additional information.
Visit the Privacy Services page for additional information.
The AICPA and CPA Canada have formed the AICPA/CPA Canada Privacy Task Force, which has developed the Generally Accepted Privacy Principles (GAPP). This document supersedes the AICPA and CPA Canada Privacy Framework. Using GAPP, CPAs can help organizations design and implement sound privacy practices and policies. These principles and criteria were developed and updated by volunteers who considered both current international privacy regulatory requirements and best practices. These principles and criteria were issued following the due process procedures of both institutes, which included exposure for public comment. The adoption of these principles and criteria is voluntary.
|Generally Accepted Privacy Principles
Download the Principles and Criteria table and the Executive Overview of GAPP to start using GAPP.
Visit the GAPP page for additional information.
Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cybersecurity attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cybersecurity is to protect data both in transit and at rest.
Countermeasures can be put in place in order to increase the security of data. Some of these measures include, but are not limited to, access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization.
Visit the Cyber Security page for more information.
With the increasing trend for companies to outsource, cloud computing has increasingly become a solution for organizations. It’s an innovative and increasingly popular model of software deployment that offers enterprise-class software function without traditional up-front infrastructure costs or the unpredictable support and maintenance costs of on-site software and hardware.
Cloud Computing Tools and references
Privacy Principles Scoreboard
The AICPA Privacy Principles Scoreboard tool is designed to help organizations and the CPAs that serve them reach a new level of best practice in the assessment and management of privacy.
Identity Theft Resources
Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain.
FTC Identity Theft Resources for Businesses
The Federal Trade Commission (FTC) has compiled resources to help organizations secure the personal information they collect and prevent identity theft.
The Privacy Act of 1974 prohibits federal government agencies from disclosing any personal information about an individual without consent, except in certain circumstances such as: law enforcement purposes; census activities; and necessary circumstances for a government to conduct its business. The Privacy Act of 1974 applies to federal government agencies, as well as businesses that are contractors for a federal government agency and that collect, maintain, process, or transmit data.