Privacy is a growing concern in our digital world, but in most cases it has been a poorly defined concern. That could soon change, thanks to a three-year-old project by two leading accounting organizations.

The American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) drafted a list of 10 generally accepted privacy principles in 2009. Their goal was to establish what “privacy” entails, how it is maintained, and what is affected in protecting it.

Those 10 principles have been incorporated into Service Organization Controls (SOC) reports, which are increasingly popular in the business world as a way to protect outsourced data. As more companies become familiar with SOC reports, those 10 principles are likely to become the de facto definition of privacy in the business world. So, if you are in the process of creating or updating your privacy policy, those principles are a good place to start.

Among other things, the generally accepted privacy principles (GAPP) draw a distinction between personal information and confidential information. “Personal information” refers to any information that is linked to an identifiable person, such as a name or Social Security number. “Confidential information” refers to any information that two parties agree not to share, such as a business plan or a bid price.
