The American Institute of Certified Public Accountants (AICPA) has developed a series of assurance and advisory services. These services are focused on building trust and confidence in businesses and are a natural extension of the CPA's auditing and information technology consulting functions. One of the services is focused on privacy of personal information. The AICPA and the Canadian Institute of Chartered Accountants (CICA) have formed the AICPA/CICA Privacy Task Force, which has developed privacy best practices and related services to help organizations manage privacy risk and implement good privacy practices.
Visit the Frequently Asked Questions About Privacy Services page for additional information.
| Privacy Responsibilities of Businesses |
Businesses are responsible for identifying the principal risks of the business and implementing appropriate measures to mitigate those risks. To determine the significance of privacy risk, it is important to conduct a privacy risk assessment. The results of that assessment will dictate whether, and to what extent, a privacy program should be established.
Personal information privacy risk can have a pervasive impact on a business. For example, it can lead to:
damage to the reputation of the business and to business relationships;
legal liability and sanctions;
charges of deceptive business practices;
customer and employee distrust;
denial of consent to use personal information for business purposes; and
lost business and consequential reduction in sales and profits.
This booklet highlights key questions a business should ask with the aim of understanding privacy risk, implementing a privacy program, managing privacy risk and obtaining privacy assurance.
Download 20 Questions Businesses Should Ask about Privacy for additional information.
Privacy Services Prospect Checklist
This checklist is aimed at assisting practitioners in small and medium-sized firms in focusing their marketing efforts by identifying characteristics of existing and prospective clients that will experience the greatest benefit by investing in privacy services.
Privacy Risk Assessment Questionnaire
This questionnaire highlights key questions businesses should ask with the aim of understanding privacy risk, implementing sound privacy policies and practices, managing privacy risk, and obtaining privacy assurance.
Building a Privacy Practice in Small and Medium-Sized CPA Firms
This guide serves as the first step for practitioners reviewing or considering investing time and resources in Privacy Advisory Services.
Incident Response Plan (PDF) and Incident Response Plan (Word Document)
This Incident Response Plan template can be used to help you design, develop, or adapt your own plan and better prepare you for handling a breach of personal information within your organization.