Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) establishes new rules for protecting the privacy of personal information. By January 1, 2004, the new rules will affect all organizations in Canada. Because privacy is a risk management issue, many organizations are turning to CAs and CPAs for help in managing privacy risks, and developing and implementing privacy programs.
The CICA and AICPA are participating in a joint Enterprise-wide Privacy Task Force to support CAs and CPAs in their privacy protection efforts. Recently, the task force issued a public exposure draft called Privacy Framework (available at www.cica.ca/privacy). The framework serves as a benchmark for good privacy practices and provides the foundation for all privacy advisory and assurance services.
To facilitate implementation of the framework, the task force is developing a comprehensive Privacy Services Resource Guide that CAs and CPAs in industry can use to address privacy issues within their organizations and that CAs and CPAs in public practice can use to deliver value-added privacy services to clients. The guide will be available in both print and CD-ROM format in the summer 2003. It will contain numerous resources such as sample forms, checklists and questionnaires. It will also provide detailed guidance for performing internal privacy assessments and delivering a full range of privacy services including:
* strategic and business planning;
* privacy gap and risk analysis;
* benchmarking;
* privacy policy design and implementation;
* performance measurement; and
* independent verification of privacy control systems.
For more information about the new Privacy Services Resource Guide, contact Paul-Emile Roy at (416) 204-3301 (paul.roy@cica.ca).
Комментариев нет:
Отправить комментарий