
Generally Accepted Privacy Principles

Generally accepted privacy principles are part of the AICPA and CICA Trust Services Principles and Criteria that are based upon a common framework (that is, a core set of principles and criteria) to provide professional attestation or assurance and consulting or advisory services. The Trust Services Principles and Criteria were developed by volunteer task forces under the auspices of the AICPA and CICA.

 

Generally Accepted Privacy Principles (GAPP) provide criteria and related material for protecting the privacy of personal information and can be used by certified public accountants (CPAs) in the United States and chartered accountants (CAs) in Canada, both in industry and in public practice, to guide and assist the organizations they serve in implementing privacy programs. GAPP has been developed from a business perspective, referencing some, but by no means all, significant local, national, and international privacy regulations. Generally Accepted Privacy Principles is the intellectual capital and body of knowledge that provides the foundation for CPA and CA-related privacy advisory and assurance services.

 

CPAs and CAs in public practice will be able to offer clients a full range of services, including privacy strategic and business planning, privacy gap and risk analysis, benchmarking, privacy policy design and implementation, performance measurement, and independent verification of privacy controls, which includes attestation engagements. CPAs and CAs in industry can enhance their value to their employers by offering privacy advisory services and performing internal assessments against something they can measure—generally accepted privacy principles.

 

Questions and comments on Generally Accepted Privacy Principles should be sent to Nancy Cohen, Senior Technical Manager, AICPA Specialized Communities and Practice Management, or Nicholas Cheung, CICA, Principal, Assurance Services Development.

 

Download the Generally Accepted Privacy Principles—Business Version

 

Download the Generally Accepted Privacy Principles—Practitioners Version

 

 

 

 

The CPA and CA practitioner version is identical to Generally Accepted Privacy Principles with the exception of appendix B, "CPA and CA Practitioner Services Using Generally Accepted Privacy Principles," and appendix C, "Illustrative Privacy Examination and Audit Reports." These additional appendixes are intended primarily to assist CPAs and CAs in public practice in providing privacy services to their clients.

 

Generally Accepted Privacy Principles are effective October 30, 2009.

Copyright © 2009 by the American Institute of Certified Public Accountants, Inc., New York, New York.