Privacy Legislation



As businesses transmit and store more of their data electronically, federal and state legislation aimed at keeping that data secure and protecting individuals' privacy has increased as well. What data is required to be kept private? Any data that can be attributed to an identified individual. This applies to both employee and customer information.
Any business that handles customer or employee personal information, such as dates of birth, Social Security numbers and addresses, should review how it secures this data in the following areas:
1. How is the data obtained? In electronic or paper format?
2. How is the data stored?
3. Who has access to the data within my organization?
4. Who has access to the data outside of my organization, and how is it transmitted? (An example would be payroll outsourcing.)
The AICPA and the Canadian Institute of Chartered Accountants have developed guidelines for addressing these privacy issues through the Generally Accepted Privacy Principles (GAPP) framework. This framework provides criteria for assessing your risk of violating privacy legislation and guidance on developing policies and procedures to mitigate that risk.
Prevention is always the best approach when addressing risks to your business. Failing to adequately safeguard personal information could damage customer and employee relationships and open the door to legal liability.
/posted by Vickie L. Tischendorf, CPA