Privacy has become a significant business risk to
organizations that collect, use, retain and disclose personally identifiable
information about customers and employees. As a result, business owners, board members
and executive management need to assess whether their handling of personally
identifiable information complies with numerous privacy laws and regulations. To
provide guidance, the AICPA issued a Business Brief on April 10, 2012 called
20 Questions Businesses Should Ask About
Privacy. It was prepared by Nancy Cohen, CPA.CITP, CIPP, CGMA, Senior
Technical Manager, AICPA Member Specialization & Credentialing.
The questions contained in that Brief were adapted from the
guidance booklet,
20 Questions BusinessesShould Ask About Privacy previously published by the Canadian Institute of
Chartered Accountants (CICA). They are key questions a business should ask with
the aim of understanding privacy risk, implementing a privacy program, managing
privacy risk and obtaining privacy assurance.
