Privacy / Data Protection 

Privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information. Privacy is a risk management issue for all organizations, and many are looking to CPA firms for privacy solutions.

CPAs are adept at performing comprehensive risk assessments for businesses and developing risk management solutions that can give companies competitive marketplace advantages.

Privacy is included in these risk assessments, and CPAs use a universal framework of privacy best practices against which the company's privacy policies can be examined. CPAs can provide guidance to the organizations they serve by using the Generally Accepted Privacy Principles (GAPP) to help assess their privacy-related risks as well as to develop sound privacy policies and practices. 

GAPP-Related Content 

Generally Accepted Privacy Principles (GAPP)

GAPP provides criteria and related material for protecting the privacy of personal information and can be used by CPAs in the United States and CAs in Canada, both in industry and in public practice, to guide and assist the organizations they serve in implementing privacy programs.

Privacy Risk Assessment Tool
A good first step to address privacy risks within an organization is to perform a privacy risk assessment. The AICPA/CICA Privacy Risk Assessment Tool is designed to help CPAs, CAs, management, owners, and other privacy professionals accomplish this task in an effective and comprehensive manner. 

Privacy Maturity Model (PMM)
The PMM provides entities with a useful and effective means of assessing their privacy program against a recognized maturity model and has the added advantage of identifying the next steps required to move the privacy program ahead.

Mapping of Criteria:  ISO 27002 to the AICPA and CICA GAPP’s Security for Privacy Principle
This document provides users of GAPP with an understanding of how GAPP privacy criteria relate to the information security management requirements of ISO 27002.   

Other Privacy-Related Content 

Data Privacy Day 2012
Data Privacy Day is celebrated on January 28, 2012. It is an annual international celebration to raise awareness and generate discussion about information privacy.  

State Security Breach Laws

In addition to Federal regulations, forty-six states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted privacy regulations requiring that companies and/or state agencies disclose to consumers security breaches involving personal information. The State Security Breach Laws were enacted to protect the confidential personal information of consumers. 

Cloud Computing and Privacy

While cloud computing technology provides a number of benefits, it also raises numerous issues related to privacy and information security.  This page references several articles that address the overall concept of cloud computing as well as the privacy and security issues surrounding it.

Identity Theft
Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain. Learn more about identity theft by visiting these articles and sites.

Showing results 1 - 15 of 166


Privacy Resources

Article :  The protection of sensitive information is a high priority to organizations at large. This page provides useful resources to learn more about privacy initiatives through reports, articles and other sources.
Published on May 09, 2012

United States-Computer Emergency Readiness Team

Guide :  Cyber Security Tip ST04-008—Benefits of BCC. Although in many situations it may be appropriate to list email recipients in the To: or CC: fields, sometimes using the BCC: field may be the most desirable option. This Alert discusses some of the privacy
Published on May 09, 2012

National Institute of Standards and Technology

Publication :  This page contains links to publications from the National Institute of Standards and Technology on privacy related topics.
Published on May 09, 2012

Identity Theft

Link :  Learn more about identity theft by visiting the articles and sites on this page.
Published on May 09, 2012

Cloud Computing and Privacy

Link :  This page contains references on the topic of cloud computing.
Published on March 15, 2012

NIST Special Publication 800-98

Guide :  Retailers, manufacturers, hospitals, federal agencies, and other organizations planning to use radio frequency identification (RFID) technology to improve their operations should also systematically evaluate the possible security and privacy risks and use best practices to mitigate them, according to SP 800-98, Guidelines for Securing Radio Frequency Identification (RFID) Systems.
Published on March 15, 2012

AICPA Code of Professional Conduct

Professional Standards :  This page explains the AICPA Code of Professional Conduct.
Published on March 12, 2012

Privacy Services

Link :  The AICPA has developed a series of assurance and advisory services. These services are focused on building trust and confidence in businesses and are a natural extension of the CPA's auditing and information technology consulting functions.
Published on March 08, 2012

Outsourcing and Privacy: 10 Critical Questions Top Management Should Ask

Article :  Although an organization may outsource some of its business processes, the organization cannot outsource its accountability for privacy. This article discusses the 10 critical questions management should ask about outsourcing and discusses specific privacy concerns associated with outsourcing.
Published on March 08, 2012

The NIST Definition of Cloud Computing

Guidance :  The NIST definition in SP 800-145, The NIST Definition of Cloud Computing, characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best
Published on March 06, 2012

Guidelines on Security and Privacy in Public Cloud Computing

Guidance :  NIST SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing, provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Published on March 06, 2012

Mapping of Criteria: ISO 27002 to the AICPA and CICA GAPP’s Security for Privacy Principle

Executive Summary :  The AICPA and CICA Privacy Task Force cross-referenced or “mapped” the detailed criteria from ISO 27002, to GAPP’s Security for Privacy principle criteria. This mapping document provides users of ISO 27002 (organizations whose information security management practices meet the requirements of the standard) with an understanding of how the information
Published on March 02, 2012

ISO 27002 Mapping to GAPP

Assessment :  To elaborate on the relationship between ISO 27002 and GAPP, the AICPA and CICA Privacy Task Force cross-referenced or “mapped” the detailed criteria from ISO 27002, to GAPP’s Security for Privacy principle criteria. This document contains that mapping.
Published on February 29, 2012

Internal Revenue Code

Article :  IRC Section 7216 prohibits anyone who is involved in the preparation of tax returns from knowingly or recklessly disclosing or using the tax-related information provided other than in connection with the preparation of such returns. Anyone who violates this provision may be subject to a fine or even imprisonment.
Published on February 21, 2012

Gramm-Leach-Bliley Act

Federal Law :  On November 12, 1999, the Gramm-Leach-Bliley Act (GLBA) was passed by Congress with an effective date of November 13, 2000, and compliance date of July 1, 2001. The Act requires any financial institution or business that engages in financial activities to provide a privacy notice to their customers.
Published on February 17, 2012

Copyright © 2006-2012 American Institute of CPAs.