Generally Accepted Privacy Principles A Global Privacy Framework

    Presentation Transcript
    1. Generally Accepted Privacy Principles
       A Global Privacy Framework
       Nicholas F. Cheung, CA, CIPP/C
       The Canadian Institute of Chartered Accountants
       29e Conférence internationale des commissaires à la protection de la vie privée

    2. Why Is the Accounting Profession Involved with Privacy?
       • Privacy is a risk management issue
       • Accountants are trusted business advisors
       • Goes “hand in glove” with internal control assessments
       • Need for external assurance regarding an organization’s privacy practices
       • CAs are recognized for their audit expertise
       • Any audit requires an examination against “suitable criteria”
       • Standard setting experience
       • CICA sets accounting and assurance standards for businesses, not-for-profit organizations and government

    3. What are Generally Accepted Privacy Principles (GAPP)?
       • A privacy framework to help both public and private entities develop and assess their privacy program and privacy risk
       • Developed by the CICA and AICPA
         • To create a common North American standard
       • Endorsed and supported by:
         • ISACA – Information System and Audit Control Assoc
         • IIA – The Institute of Internal Auditors

    4. Generally Accepted Privacy Principles
       • Management
       • Notice
       • Choice & Consent
       • Collection
       • Use & Retention
       • Access
       • Disclosure to Third Parties
       • Security for Privacy
       • Quality
       • Monitoring & Enforcement

    5.

    6. The Benefits of GAPP
       • Comprehensive
         • Framework of over 60 measurable and relevant criteria
         • Not just a list of principles
       • Objective
         • Developed by the auditing profession to
           • Address international expectations
           • Create a basis for comparability
         • Universally available at no charge
       • Relevant
         • Widespread use and recognition
         • Applicable for evaluating privacy risk enterprise-wide
         • Recognized as suitable criteria for a privacy audit
         • Can also be the basis for an internal assessment

    7. Example of GAPP Criteria

    8. External Reports for Privacy
       • Benefits of third-party assurance
         • Independent
         • Objective
         • Trained in audit techniques
       • Why Is This Important
         • Strengthen customer confidence
         • Provide useful reports to internal and external stakeholders
         • Required as part of a contract

    9. Specified Procedures Engagement
       • What Is It?
         • A special type of engagement where the procedures are agreed upon by the client and the public accountant
         • Accountant provides a report listing any exceptions found
         • Not an audit opinion
         • Limited distribution of report
       • When Would This Be Useful?
         • Organization may not be ready for an audit, but wants to provide a third-party report on privacy
         • Could use selected criteria from GAPP
         • More cost effective than an audit

    10. External Audit
       • What Is It?
         • Similar to auditor’s report used for financial statements (GAPP vs. GAAP)
         • Provides reasonable assurance
         • Unlimited distribution of report
       • When Would This Be Useful?
         • Provide assurance to
           • Customers and prospective customers
           • Employees / Board of Directors
           • Regulatory and government bodies
         • To obtain assurance over privacy practices of a 3rd-party vendor (outsourcing contract requirement)

    11. Other Uses of GAPP
       • Privacy Risk Assessment
         • Diagnose new or current privacy program
         • Cannot be relied upon for legal compliance
       • Benchmarking
         • Against GAPP criteria or compare results against prior GAPP assessments
         • Can be used in a local, national or international context
       • Privacy Notice Development

    12. Contact Info
       www.cica.ca/privacy
       Nicholas F. Cheung, CA, CIPP/C
       Principal, Assurance Services Development
       CICA
       (416) 204-3251
       nicholas.cheung@cica.ca