Generally Accepted Privacy Principles (GAPP) is a framework intended to assist chartered accountants and certified public accountants in building an effective privacy program for identifying and managing privacy risks. It was developed jointly by the Canadian Institute of Chartered Accountants (CICA) and the American Institute of Certified Public Accountants (AICPA) through the AICPA/CICA Privacy Task Force. Its principles underpin the privacy criteria used in SOC 2 reporting.[1]
The GAPP framework was previously known as the AICPA/CICA Privacy Framework. It is founded on a single overarching privacy objective: personally identifiable information must be collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity's privacy notice and with the criteria set out in GAPP as issued by the AICPA/CICA. This objective is supported by ten principles and over seventy associated objectives, each with measurable criteria against which a privacy program can be assessed. The ten principles are:
- Management
- Notice
- Choice and consent
- Collection
- Use, retention and disposal
- Access
- Disclosure to third parties
- Security for privacy
- Quality
- Monitoring and enforcement
Privacy is defined in Generally Accepted Privacy Principles as "the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information."[2]
References
- ^ "SOC 2 Compliance". Imperva. Retrieved 2019-11-18.
- ^ "Generally Accepted Privacy Principles, CPA and CA Practitioner Version" (PDF).
External links
- Fill the GAPP, Cal CPA magazine, Oct 2007
- Review and Critique of GAPP, Society of Information Risk Analysts Feb 2014
- GAPP Targets Privacy Risks, Journal of Accountancy
- Comparison of eight Governance Risk Control (GRC) Regulatory Compliances