Guidelines Aimed at Thwarting ID Theft, Security Breaches Unveiled

December 3, 2009

Responding to concerns about identity theft and security breaches linked to portable devices, the AICPA and the Canadian Institute of Chartered Accountants have expanded Generally Accepted Privacy Principles to include protocols for securing personal information.

 

The AICPA/CICA Generally Accepted Privacy Principles are recognized by the IRS and other organizations. The privacy framework offers guidance and best practices for securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance also covers disposal and destruction of personal information. 

 

The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel and CPAs offering technology advisory services.

 

“Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether that information pertains to employees or customers,” Everett C. Johnson, CPA, said in a news release. Johnson chairs the AICPA/CICA Privacy Task Force and is a past international president of ISACA, a global information technology association. “We’ve updated the criteria of our privacy principles to minimize the risks to personal information.”

 

Nearly 10 million Americans are victims of identity theft annually, according to the Federal Trade Commission. The estimated cost in 2008 was $48 billion. Increasing incidences of corporate privacy breaches have resulted in lawsuits and regulatory actions, including fines. 

 

“Portable tools such as laptops, memory sticks, two-way pagers and smart phones provide convenience to employees, but appropriate measures must be put in place to secure them and the data they contain,” Donald Sheehy, CA•CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force, said in a news release.

 

The new guidance includes best practices for privacy and security in areas such as information classification, risk assessments, and privacy implications of change management. Other changes included clarification and modification of 14 existing GAPP criteria.

 

Several organizations worked with the AICPA and CICA on the Generally Accepted Privacy Principles, including ISACA and the Institute of Internal Auditors. The guidance is available in two versions, one for business management and one for CPAs and CAs in public practice who provide consulting and attestation/audit services.

 

The mission of the Privacy Task Force is to examine the role CPAs and CAs can play in advising clients and employers about privacy issues and risks and to create a benchmark for good privacy practices. 

 

Free copies of the principles, along with additional privacy resources, are available at www.aicpa.org/privacy and www.cica.ca/privacy.

 
