Privacy has become a significant business risk to organizations that collect, use, retain and disclose personally identifiable information about customers and employees.  Whether it is complying with numerous privacy laws and regulations in jurisdictions where the organization does business or meeting customers’ and employees’ expectations for handling their personal information, executive management, Boards of Directors, owners, and privacy professionals are looking for guidance and tools to address this business concern.

A good first step to address privacy risks within an organization is to perform a privacy risk assessment.  The AICPA/CICA Privacy Risk Assessment Tool is designed to help CPAs/CAs, management, owners, and other privacy professionals accomplish this task in an effective and comprehensive manner.  The tool utilizes the ten principles and 66 criteria contained in the AICPA/CICA Generally Accepted Privacy Principles (www.aicpa.org/privacy) or (www.cica.ca/privacy).  It provides the organization with the principles and criteria that is contained in many privacy laws and regulations worldwide including good privacy practices to benchmark against.

The tool is available for members of the Information Technology Section and accessible on the AICPA/CICA Privacy Assessment Tool page.

Non-members that have an interest in reviewing the Beta version may send a request for the files by e-mailing privacytool@aicpa.org.

Additional privacy material and resources are available at www.aicpa.org/privacy and www.cica.ca/privacy.