Privacy standards to help companies better manage personal information released for comment.

Last month the AICPA issued an exposure draft of the new AICPA/CICA Privacy Framework. The proposed framework includes an enterprise-wide privacy principle along with 10 privacy components and related criteria essential for proper protection and management of personal information, both online and offline. The exposure draft is available at www.aicpa.org/innovation/baas/ewp/2003_06_ed_execsumm.asp. Comments are due Aug. 31.

Effective privacy practices are a key part of corporate governance and accountability. Organizations are trying to strike a balance between the proper collection and use of their customers' personal information. Specific risks of having inadequate privacy policies and procedures include damage to the organization's reputation, brand or business relationships; legal liability; customer or employee distrust; and loss of revenue and market share.
The 10 privacy components and related criteria included in the proposed framework cover the following areas: management; notice; choice and consent; collection; use and retention; access; disclosure to third parties; security; quality; and monitoring and enforcement.

Many CPAs, including those working in business as well as those in public practice, are skilled at examining management information systems and identifying the controls needed to effectively manage risk. Many organizations are looking to CPAs for assistance in designing, implementing, maintaining and evaluating their privacy programs. In this respect, CPAs are in a unique position to provide privacy services to the organizations they serve that mitigate privacy-related risks, protect valuable business assets, preserve and enhance an organization's brand and reputation, and maintain and enhance customer loyalty and employee relationships. The AICPA/CICA Privacy Framework provides a foundation for delivering such value-added privacy services.