Tag Archives: GAPP

Review and Critique of Generally Accepted Privacy Principles — Part 4

March 21, 2012 – 6:00 am – 2.4. GAPP Assessment Procedures GAPP Approach: Again, the AICPA and CICA claim that each of GAPP’s 10 privacy principles is supported by “relevant, objective, complete, and measurable criteria.” Critique: While in many cases it is obvious how an auditor should test compliance…
By | Posted in Privacy | Also tagged , | Comments (0)

Review and Critique of Generally Accepted Privacy Principles — Part 3

March 19, 2012 – 6:00 am – 2.3. The Structure of GAPP Apart from the problem of how to determine the scope of personal information, GAPP faces a further problem concerning how to interpret the overall framework.  In database terminology, GAPP may be thought of as a database consisting of two tables: principles and…
By | Posted in Privacy | Also tagged , , | Comments (0)

Review and Critique of Generally Accepted Privacy Principles — Part 2

March 5, 2012 – 6:00 am – 2. Critique 2.1. GAPP’s Definition of Privacy GAPP Approach: The AICPA and CICA define privacy as “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.”[1] Critique: There are four…
By | Posted in Privacy | Also tagged , , , | Comments (0)

Review and Critique of Generally Accepted Privacy Principles (GAPP) — Part 1

February 21, 2012 – 9:00 am – 1. Overview Service management has ITIL. Quality has ISO 9000. Information security has numerous options, including ISO/IEC 27001, COBIT, and NIST SP 800-53. What about information privacy? Many regulatory and standards organizations have adopted their own frameworks or approaches to information…
By | Posted in Privacy | Also tagged , | Comments (1)