The American Institute of Certified Public Accountants (AICPA) has developed a series of assurance and advisory services. These services are focused on building trust and confidence in businesses and are a natural extension of the CPA's auditing and information technology consulting functions. One of the services is focused on privacy of personal information. The AICPA and CPA Canada have formed the AICPA/CPA Canada Privacy Task Force, which has developed privacy best practices and related services to help organizations manage privacy risk and implement good privacy practices.
Visit the Frequently Asked Questions About Privacy Services page for additional information.
|Privacy Responsibilities of Businesses
Businesses are responsible for identifying the principal risks of the business and implementing appropriate measures to mitigate those risks. To determine the significance of privacy risk, it is important to conduct a privacy risk assessment. The results of that assessment will dictate whether, and to what extent, a privacy program should be established.
Personal information privacy risk can have a pervasive impact on a business. For example, it can lead to:
damage to the reputation of the business and to business relationships;
legal liability and sanctions;
charges of deceptive business practices;
customer and employee distrust;
denial of consent to use personal information for business purposes; and
lost business and consequential reduction in sales and profits.
This booklet highlights key questions a business should ask with the aim of understanding privacy risk, implementing a privacy program, managing privacy risk and obtaining privacy assurance.
Privacy Risk Assessment Questionnaire
This questionnaire highlights key questions businesses should ask with the aim of understanding privacy risk, implementing sound privacy policies and practices, managing privacy risk, and obtaining privacy assurance.