CPAs have Privacy and Security Compliance Requirements too
Certified Public Accountants (CPAs) have privacy and security compliance requirements similar to those of other regulated industries, such as healthcare and financial services.
The American Institute of CPAs (AICPA) addresses the obligations of CPAs through its adoption of the Generally Accepted Privacy Principles (GAPP) and its Cybersecurity platform, both aimed at ensuring the confidentiality, integrity, and availability of data.
CPAs are adept at performing comprehensive risk assessments for businesses and developing risk management solutions that can give companies a competitive advantage in the marketplace. The Security and Privacy requirements of the AICPA address the “risk management issue for all organizations.”
CPAs provide guidance to their clients by using both GAPP and the Cybersecurity platform to assess their clients’ privacy and security-related risks and to develop best practices.
The AICPA recommends implementing the following:
•Security for Privacy
•Use and Retention
As with many industries, we are great at providing answers and services for our clients; however, what about your own CPA firm?
I am reminded of the story of the cobbler whose own children had no shoes. Is your firm compliant with both the Security and Privacy obligations and the best practices of the AICPA?
Beyond the ethical compliance of the AICPA, there are many governmental regulations requiring compliance within Information Security. Here are just a few:
Federal Trade Commission – 16 CFR Part 314.
The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) and Section 5 of the FTC Act.
The Gramm-Leach-Bliley Act (GLBA) – The FTC’s Safeguards Rule promulgated under GLBA is aimed at ensuring the safeguarding and confidentiality of customer information held in the possession of covered “financial institutions.” The FTC views law firms as providing financial services because of the broad definition in GLBA.
European Union – Directive 2002/58 on Privacy and Electronic Communications, for data protection and privacy in the digital age.
Federal Communications Commission – Major Cybersecurity Threats.
Computer Fraud and Abuse Act – 18 U.S.C. § 1030.
Defend Trade Secrets Act of 2016, which amends the Economic Espionage Act of 1996 – Department of Justice.
National Information Infrastructure Protection Act of 1996 – Revises the federal criminal code provisions regarding fraud and related activity in connection with computers.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Office for Civil Rights. Imposes security obligations in the handling of Protected Health Information.
Health Information Technology for Economic and Clinical Health Act (HITECH) – Imposes additional information security obligations on HIPAA covered entities and on business associates of covered entities.
The Electronic Communications Privacy Act, which includes the Wiretap Act and the Stored Communications Act, governs the interception and review of electronic and wire communications.
Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act – Address information security and identity theft, and govern the use and disclosure of consumer reports.
Uniform Trade Secrets Act – adopted in 48 states.
Industry Standards – The Payment Card Industry Data Security Standard (PCI DSS).
In 2015, 65% of all businesses experienced a breach. Of those, 39% did not have a clue that a breach had happened. Once a breach was discovered, it was typically determined to have occurred a minimum of 12 to 18 months earlier.
Just released: Judith’s 2016 Edition of “A Practical Guide to Understanding and Implementing HIPAA”. Click the links below for more information.
Judith is an accredited Certified HIPAA Professional (CHP). As the owner of JAL, Judith is your subject matter expert, providing guidance to organizations on HIPAA, GLBA, the False Claims Act and other regulatory requirements. Judith provides reasonable and appropriate compliance policies and procedures within your Compliance Program. As a guru in compliance, Judith delivers compliance employee training programs and participates in educational speaking engagements for the industries that handle Protected Health Information. To read more about the world of compliance, subscribe to JAL’s insightful newsletter at www.jalconsultantsaz.com.
Personal Information Collected Online
•Personal Information means personally identifiable information such as information provided via forms, surveys, applications or other online fields including name, postal or email addresses, telephone, fax or mobile numbers, or account numbers.
•Before or at the time of collecting personal information, JAL will identify the purposes for which the information is being collected.
•JAL will collect and use personal information solely for the purpose of fulfilling specific contracted engagements or for other compatible purposes, unless consent is obtained from the company and/or individual concerned or as required by law.
•JAL will retain personal information as long as necessary for the fulfillment of a specific contract or for a specific purpose.
•JAL will collect personal information as deemed lawful and where appropriate with the knowledge and/or the consent of the individual or company.
•Personal data should be relevant to the extent necessary for those purposes and should be accurate, complete and up-to-date.
•JAL will protect personal information with reasonable safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
•JAL will make readily available to customers information about our policies and practices relating to the management of personal information.
Terms and Conditions
JAL is committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. By accessing this website, you agree to be bound by these Website Terms and Conditions of Use and all applicable laws and regulations. If you do not agree with these Terms and Conditions, you are prohibited from using or accessing this website. The materials contained in this website are protected by all applicable copyright and trademark laws.
Our Online Notices are subject to change. Please review them periodically. If we make changes, we will revise the “Last Updated” date at the top of this Notice. Any changes will become effective on the date the revised Notice is posted on the Site.