The Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA) and the Assurance Services Development Board (ASDB) of the Canadian Institute of Chartered Accountants (CICA) issued the AICPA/CICA Privacy Framework including the AICPA/CICA Trust Services Privacy Principle and Criteria in November 2003. Online Privacy has been part of the AICPA/CICA Trust Services, which also include a core set of principles and criteria covering security, processing integrity, availability, and confidentiality. The Framework criteria replaced the existing Trust Services Online Privacy Principle and Criteria and became known as the AICPA/CICA Trust Services Privacy Principle and Criteria.
This framework was updated in 2006 to reflect that the principles it includes have become more widely accepted. Accordingly, the framework has been renamed Generally Accepted Privacy Principles. The institutes are making these principles and criteria widely available to all parties interested in addressing privacy issues.
Generally Accepted Privacy Principles (GAPP) provide criteria and related material for protecting the privacy of personal information and can be used by certified public accountants (CPAs) in the United States and chartered accountants (CAs) in Canada, both in industry and in public practice, to guide and assist the organizations they serve in implementing privacy programs. GAPP incorporates concepts from significant domestic and international privacy laws, regulations, and guidelines. Generally Accepted Privacy Principles is the intellectual capital and body of knowledge that provides the foundation for CPA/CA-related privacy advisory and assurance services.
CPAs/CAs in public practice will be able to offer clients a full range of services, including privacy strategic and business planning, privacy gap and risk analysis, benchmarking, privacy policy design and implementation, performance measurement, and independent verification of privacy controls, which includes attestation engagements. CPAs/CAs in industry can enhance their value to their employers by offering privacy advisory services and performing internal assessments against something they can measure—the Generally Accepted Privacy Principles.
Questions and comments on the Generally Accepted Privacy Principles should be sent to Nancy Cohen, Senior Technical Manager, AICPA Specialized Communities and Practice Management, or Nicholas Cheung, CICA, Principal, Assurance Services Development.
Download the Generally Accepted Privacy Principles - Business Version
Download the Generally Accepted Privacy Principles - Practitioners Version