In August 2009, The American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA), with contributions from the Information Systems Audit and Control Association (ISACA) and The Institute for Internal Auditors (IIA), published the Generally Accepted Privacy Principles (GAPP). These are the de facto standard for data privacy, meant to serve as a framework for creating an effective privacy program.

GAPP has a single objective:

[Figure: GAPP Objective Box]

The benefit of this single objective is that the framework is scalable across industries and companies of various sizes. The GAPP is meant to encourage the implementation of good privacy practices from a business perspective and can be used by any organization as part of an effective privacy program.

The framework achieves this single objective through 10 main privacy principles, supported by numerous illustrative controls and procedures. The 10 GAPP principles were developed from international and domestic privacy laws and regulations, with consideration given to leading practices.

The 10 principles are as follows:

[Infographic: the 10 GAPP principles]

When a company or organization fails to appropriately protect the personal information of its customers and employees, the negative impact can be devastating. Loss of revenue, fines, and unfavorable headlines can affect, and have affected, many entities that did not follow a standard of care for the personal information and data they hold.

We can help your organization implement solid controls that support an effective and efficient data privacy program, lessening the risk of data breach and the costs associated with such an occurrence. Contact us.

Source: Journal of Accountancy. Published July 2011 and accessed July 2017.