1 / 12

Generally Accepted Privacy Principles A Global Privacy Framework

Generally Accepted Privacy Principles A Global Privacy Framework. Nicholas F. Cheung, CA, CIPP/C The Canadian Institute of Chartered Accountants. Why Is the Accounting Profession Involved with Privacy?. Privacy is a risk management issue Accountants are trusted business advisors

kelli
Download Presentation

Generally Accepted Privacy Principles A Global Privacy Framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Generally Accepted Privacy Principles A Global Privacy Framework Nicholas F. Cheung, CA, CIPP/C The Canadian Institute of Chartered Accountants 29e Confrence internationale des commissaires à la protection de la vie prive

  2. Why Is the Accounting Profession Involved with Privacy? • Privacy is a risk management issue • Accountants are trusted business advisors • Goes “hand in glove “ with internal control assessments • Need for external assurance regarding an organization’s privacy practices • CAs are recognized for their audit expertise • Any audit requires an examination against “suitable criteria” • Standard setting experience • CICA sets accounting and assurance standards for businesses, not-for-profit organizations and government 29e Confrence internationale des commissaires à la protection de la vie prive

  3. What are Generally Accepted Privacy Principles (GAPP)? • A privacy framework to help both public and private entities develop and assess their privacy program and privacy risk • Developed by the CICA and AICPA • To create a common North American standard • Endorsed and supported by: • ISACA – Information System and Audit Control Assoc • IIA – The Institute of Internal Auditors 29e Confrence internationale des commissaires à la protection de la vie prive

  4. Generally Accepted Privacy Principles Management Notice Choice & Consent Collection Use & Retention Access Disclosure to Third Parties Security for Privacy Quality Monitoring & Enforcement 29e Confrence internationale des commissaires à la protection de la vie prive

  5. 29e Confrence internationale des commissaires à la protection de la vie prive

  6. The Benefits of GAPP • Comprehensive • Framework of over 60 measurable and relevant criteria • Not just a list of principles • Objective • Developed by the auditing profession to • Address international expectations • Create a basis for comparability • Universally available at no charge • Relevant • Widespread use and recognition • Applicable for evaluating privacy risk enterprise-wide • Recognized as suitable criteria for a privacy audit • Can also be the basis for an internal assessment 29e Confrence internationale des commissaires à la protection de la vie prive

  7. Example of GAPP Criteria 29e Confrence internationale des commissaires à la protection de la vie prive

  8. External Reports for Privacy • Benefits of third-party assurance • Independent • Objective • Trained in audit techniques • Why Is This Important • Strengthen customer confidence • Provide useful reports to internal and external stakeholders • Required as part of a contract 29e Confrence internationale des commissaires à la protection de la vie prive

  9. Specified Procedures Engagement • What Is It? • A special type of engagement where the procedures are agreed upon by the client and the public accountant • Accountant provides a report listing any exceptions found • Not an audit opinion • Limited distribution of report • When Would This Be Useful? • Organization may not be ready for an audit, but want to provide a third-party report on privacy • Could use selected criteria from GAPP • More cost effective than an audit 29e Confrence internationale des commissaires à la protection de la vie prive

  10. External Audit • What Is It? • Similar to auditor’s report used for financial statements (GAPP vs. GAAP) • Provides reasonable assurance • Unlimited distribution of report • When Would This Be Useful? • Provide assurance to • Customers and prospective customers • Employees / Board of Directors • Regulatory and government bodies • To obtain assurance over privacy practices of a 3rd-party vendor (outsourcing contract requirement) 29e Confrence internationale des commissaires à la protection de la vie prive

  11. Other Uses of GAPP • Privacy Risk Assessment • Diagnose new or current privacy program • Cannot be relied upon for legal compliance • Benchmarking • Against GAPP criteria or compare results against prior GAPP assessments • Can be used in a local, national or international context • Privacy Notice Development 29e Confrence internationale des commissaires à la protection de la vie prive

  12. Contact Info www.cica.ca/privacy Nicholas F. Cheung, CA, CIPP/C Principal, Assurance Services Development CICA (416) 204-3251 nicholas.cheung@cica.ca 29e Confrence internationale des commissaires à la protection de la vie prive

More Related