
Federal, State and Other Professional Regulations

CPAs engaged to perform privacy advisory services and attestation engagements must follow the pertinent laws, rules, and standards. This resource section provides an overview of developments in information privacy in the United States. It reviews the Safe Harbor Agreement with the European Union, the Privacy Act of 1974, the Electronic Freedom of Information Act of 1996, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the Children's Online Privacy Protection Act. It also covers various State regulations, the IRS Code, and the AICPA Code of Professional Conduct.

The Right to Financial Privacy Act (RFPA) of 1978
This Act protects the confidentiality of personal financial records by creating a statutory, Fourth Amendment-style protection for bank records. The Act was essentially a reaction to the U.S. Supreme Court's 1976 ruling in United States v. Miller, in which the Court found that bank customers had no legal right to privacy in financial information held by financial institutions. Generally, the RFPA requires that a federal government agency provide the individual with notice and an opportunity to object before a bank or other specified institution discloses that individual's personal financial information to the agency, often for law enforcement purposes. The RFPA was amended by the USA PATRIOT Act of 2001: Section 358 of that Act permits the disclosure of financial information to any intelligence or counter-intelligence agency in any investigation related to international terrorism.


Fair Credit Reporting Act
This Act establishes procedures for correcting mistakes in your credit record and requires that your record be provided to third parties only for legitimate business needs (such as a credit, insurance, or employment decision).

How Private Is My Credit Report?
This guide describes ways you can safeguard your privacy, such as ordering a copy of your credit report once a year and knowing your rights under the credit reporting laws.
The Family Educational Rights and Privacy Act (FERPA)

(20 U.S.C. § 1232g; 34 CFR Part 99)

FERPA is a Federal law that protects the privacy of student education records. Schools that receive funding under an applicable program of the U.S. Department of Education are required to comply with it.


Final Rules on Identity Theft Red Flags and Notices of Address Discrepancy
Under the Red Flags Rules, financial institutions and creditors must develop and implement a written Identity Theft Prevention Program. The Program must identify the patterns, practices, and specific activities that signal possible identity theft (the "red flags") for the covered accounts, provide for detecting those red flags in day-to-day operations, describe appropriate responses that would prevent and mitigate the crime, and include a plan to update the Program periodically as risks change.
A CPA's Guide to Creating an Identity Theft Prevention Program

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the "Red Flags" Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. Enforcement had been scheduled to begin on November 1, 2009, and has now been delayed once again. In anticipation of enforcement, the AICPA developed a practice guide for members that provides guidance on developing an Identity Theft Prevention Program (ITPP) as required by the FTC's Red Flags Rule.


The guide includes an ITPP template. Firms can use the template as a starting point for their own ITPP, but it must be tailored to reflect the firm's business situation, the covered accounts it maintains, and the red flags relevant to them. In addition to internal use, CPA firms can use the template to guide their clients in setting up an ITPP.


E-Government Act of 2002
The objective of this Act is to improve the management and promotion of electronic government services and processes by establishing a Federal Chief Information Officer (the Administrator of the Office of Electronic Government) within the Office of Management and Budget, and by providing a framework of measures that require the use of Internet-based information technology to enhance citizen access to government information and services. Of particular relevance to privacy practitioners, Section 208 of the Act requires Federal agencies to conduct and, where practicable, publish a privacy impact assessment before developing or procuring information technology that collects, maintains, or disseminates personally identifiable information, and to post privacy notices on their public websites.


CAN-SPAM Act
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act requires unsolicited commercial e-mail messages to be identified as advertisements (though not by any standard wording or label) and to include opt-out instructions and the sender's valid physical postal address. Opt-out requests must be honored promptly (within 10 business days). The Act also prohibits deceptive subject lines and false or misleading header information in such messages.