As significant changes continued to affect information technologies and global, country-specific and local data privacy laws and standards, an American Institute of CPAs (AICPA) Privacy Task Force was formed in 2009 and published its Generally Accepted Privacy Principles (GAPP), a framework for implementing sound data privacy controls.
Since 2009, new global and local privacy legislation has been enacted, requiring the AICPA to revisit the GAPP document and update it to reflect the impact of requirements such as the EU’s General Data Protection Regulation (GDPR). Now renamed the Privacy Management Framework (PMF), this framework, re-issued in 2020, provides members (CPAs and CITPs) with relevant links to the GDPR and to the AICPA’s Trust Services Criteria (TSC), which had also been updated to align with changes required by the release of SSAE18. The new PMF is designed to assist management in creating an effective data privacy program that addresses its privacy obligations and risks, while facilitating current and future business opportunities for CPAs and CITPs who might be engaged with an organization's management in these activities.
Learning Objectives:
· Identify the nine components of the Privacy Management Framework.
· Recognize how to measure an organization’s privacy program against a comprehensive framework.
· Identify ways that incorporating the Privacy Management Framework into your organization’s privacy program can help provide a structure for compliance, management and audit criteria.
· Apply best practices to manage personal information and mitigate privacy risk for an organization.