It’s a Matter of Privacy.


MONTHLY CHECKLIST SERIES
Consumers have grown increasingly concerned about the misuse of their personal information, and regulatory bodies have been cracking down on offenders. You can see the many complaints filed against corporations on the FTC Web site at www.ftc.gov/privacy/privacyinitiatives/promises_enf.html . CPAs should advise clients or employers to familiarize themselves with U.S. privacy laws that protect consumers’ interests (see “ E-Mail and the Law ”) and to review their privacy policies to see whether they are adequate.
Here’s a questionnaire you can use to help an entity conduct an initial risk assessment of its information-handling activities.

Understanding privacy
What personal information about customers and employees does the organization collect and retain?

What personal data are used in carrying out business, for example, in sales, marketing, fund raising and customer relations?

What personal information is obtained from or disclosed to affiliates or third parties, for example, in payroll outsourcing?

What is the impact of U.S. privacy laws and regulations and/or international privacy requirements on the company? (This may require a legal interpretation.)

How does the organization’s business plan address the privacy of personal information?

Implementing a privacy program
To what degree is the company’s senior management actively involved in the development, implementation and/or promotion of privacy measures within the organization?

Has the entity assigned someone (for example, a chief privacy officer) the responsibility for compliance with privacy legislation?

Has the designated privacy officer been given clear authority to oversee the company’s information-handling practices?

Are adequate resources available at the company for developing, implementing and maintaining a privacy compliance system?

What privacy policies has the organization established with respect to the collection, use, disclosure and retention of personal information?

How are the policies and procedures for managing personal information communicated to employees?

How are employees with access to personal information trained in privacy protection?

Are the appropriate forms and documents required by the system fully developed?

Managing privacy risk
What specific objectives have been established in order to comply with the organization’s established privacy policies?

What are the consequences of not meeting the specific privacy objectives?

To what extent have appropriate control measures been identified and implemented?

How is the effectiveness of the privacy control measures monitored and reported?

What mechanisms are in place to effectively address failures to properly apply the company’s established privacy policies and procedures?

The results of the risk assessment will dictate whether and to what extent an entity should implement a privacy program or supplement a current one.

Source: Adapted from “Privacy Risk Assessment Questionnaire,” Privacy Matters: An Introduction to Personal Information Protection, AICPA/CICA, 2003.

SPONSORED REPORT

How the election may affect taxation of business income

This report summarizes recent proposals to reform the U.S. business income tax system and considers the path to enactment of any such legislation.

VIDEO

How to Excel pivot a general ledger

The general ledger is a vast historical data archive of your company's financial activities, including revenue, expenses, adjustments, and account balances. J. Carlton Collins, CPA, shows how to prepare data for, and mine data with, PivotTables.

QUIZ

Did you follow 2016’s biggest accounting news?

CPAs will remember 2016 as a year of new standards and new faces. How well did you follow the biggest accounting events? The 7 questions in this quiz will help you find out