Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: AICPA

Review and Critique of Generally Accepted Privacy Principles — Part 4

2.4. GAPP Assessment Procedures. GAPP Approach: Again, the AICPA and CICA claim that each of GAPP’s 10 privacy principles is supported by “relevant, objective, complete, and measurable criteria.” Critique: While in many cases it is obvious how an auditor should test compliance…

Review and Critique of Generally Accepted Privacy Principles — Part 3

2.3. The Structure of GAPP. Apart from the problem of how to determine the scope of personal information, GAPP faces a further problem concerning how to interpret the overall framework. In database terminology, GAPP may be thought of as a database consisting of two tables: principles and…

Review and Critique of Generally Accepted Privacy Principles — Part 2

2. Critique. 2.1. GAPP’s Definition of Privacy. GAPP Approach: The AICPA and CICA define privacy as “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.”[1] Critique: There are four…