Title: How to Profit by Safeguarding Privacy: CPAs Can Help Businesses Boost Customer Relations and, at the Same Time, Meet Regulatory Requirements
Abstract: EXECUTIVE SUMMARY * PROTECTING THE PRIVACY of personal information is no longer optional for organizations that collect, use distribute it. Federal law now requires entities to take responsibility for safeguarding the data they gather from customers patients. * ORGANIZATIONS THAT ACCEPT AND FULFILL their privacy-related obligations will find it easier to develop close business relationships with consumers who prefer them to competitors that don't make privacy a priority. * THE COMPLEXITY OF PRIVACY COMPLIANCE the allure of turning a regulatory burden into a competitive advantage combine to create a consulting opportunity for CPAs who know the regulations can help companies satisfy them and, thus, attract retain customers. * CPAs LEADING A COMPLIANCE PROJECT, whether as employees or consultants, should adopt a systematic approach that identifies resolves deficiencies in the organization's privacy policies practices. * TO DO THIS EFFECTIVELY, CPAs should follow a four-phase plan in which they assess the entity's current compliance level, design a remedial strategy, implement the plan then monitor its ongoing effectiveness. * CPAs SHOULD FAMILIARIZE THEMSELVES with the provisions of major federal privacy legislation, including the Health Insurance Portability Accountability Act of 1996, the Gramm-Leach-Bliley Act of 1999 the Children's Online Protection Act of 1998. Protecting the privacy of confidential information is quickly becoming a measure of success in the business world--because companies improve their reputation when they take care to safeguard the personal data people entrust to These organizations also attract customer loyalty, that gives them an edge over competitors who don't make privacy a priority. This article shows CPAs in industry or in public practice how they can help businesses achieve their privacy compliance goals. It also summarizes provisions of the major federal privacy laws (see Privacy Protection Is Mandatory, page 49). THE CPA AS PRIVACY STRATEGIST Some businesses may not see privacy compliance as a way to develop a positive corporate image. But CPAs can stress to them that solid policies are good business practices, says Everett C. Johnson, CPA, partner at Deloitte & Touche LLP in Wilton, Connecticut, chairman of the AICPA enterprise-wide privacy task force. Privacy matters to people who provide an organization with personal information about themselves, he adds, and businesses need to demonstrate their respect for the confidentiality of the data that customers entrust to them. To succeed in these engagements, CPAs must be well versed in privacy law be able to evaluate an entity's compliance level (see Resources for Consultants, page 52). To help an organization become privacy compliant, a CPA must understand how it gathers, uses, stores discloses customer/client data. A FOUR-PHASE APPROACH CPAs should assemble a versatile team to design a plan to identify data protection deficiencies, create a strategy implement monitor the plan for compliance. Team members should represent various parts of the organization including legal, internal auditing, risk management, finance, information security, human resources operations. The group will assess the company's practices should report to an executive in charge of privacy compliance. These are the team's responsibilities: Phase 1: Perform an initial assessment of privacy policies procedures. To determine whether the entity follows formal methods to protect data, the team will * Document the type location of all customer/client data--inside outside the organization--and all systems that collect, process, use or distribute personal information. * Verify compliance deadlines. * Review record existing information security management policies procedures. …
Publication Year: 2003
Publication Date: 2003-05-01
Language: en
Type: article
Access and Citation
Cited By Count: 4
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot