Generally Accepted Privacy Principles seek to curtail identity theft

TORONTO , Dec. 3 /CNW/ - In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information.

"Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information."

GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services.

"Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy , CA.CISA, CIPP/C, associate partner with Deloitte ( Canada ) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats."

Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or audits. Introduced in 2003, GAPP was previously updated in 2006.

Several organizations worked in conjunction with the AICPA and CICA on GAPP, including ISACA and the Institute of Internal Auditors. It is available in two versions, one for business management and one for CPAs and CAs in public practice who provide consulting and attestation/audit services.

The mission of the Privacy Task Force is to examine the role CPAs and CAs can play in advising clients and employers about privacy issues and risks and to create a benchmark for good privacy practices.

Copies of GAPP along with additional privacy resources are available at www.aicpa.org/privacy and www.cica.ca/privacy.

About The Canadian Institute of Chartered Accountants (CICA)

The CICA, together with the provincial, territorial and Bermuda Institutes/Ordre of Chartered Accountants, represents a membership of approximately 75,000 CAs and 12,000 students in Canada and Bermuda . The CICA conducts research into current business issues and supports the setting of accounting, auditing and assurance standards for business, not-for-profit organizations and government. It issues guidance on control and governance, publishes professional literature, develops continuing education programs and represents the CA profession nationally and internationally. CICA is a founding member of the International Federation of Accountants (IFAC) and the Global Accounting Alliance (GAA).

About the AICPA

The American Institute of Certified Public Accountants (www.aicpa.org) is the national, professional association of CPAs, with more than 360,000 members, including CPAs in business and industry, public practice, government, and education. It sets ethical standards for the profession and U.S. auditing standards for audits of private companies; federal, state and local governments; and not-for-profit organizations. It develops and grades the Uniform CPA Examination.

The AICPA maintains offices in New York, Washington, D.C., Durham, N.C., Ewing, N.J, and Lewisville, Texas.

For further information: or to arrange an interview, contact: Tobin Lambie, Manager, Media, CICA, (416) 204-3228, [email protected]