Ten Privacy Areas Addressed by GAPP
GAPP: This is an abbreviation of the Generally Accepted Privacy Principles adopted by AICPA and the Canadian Institute of Chartered Accountants (CICA) reflecting local, national, and international privacy regulations to provide guidance for auditing information technology systems to determine the adequacy of the privacy controls provided for in the system design. There are ten areas addressed by the privacy principles:
- Management
- Notice
- Choice and Consent
- Collections
- Use, Retention, Disposal
- Access
- Disclosure to third parties
- Security for privacy
- Quality
- Monitoring and Enforcement