Publications, Resources and Toolkits

1. AICPA/CICA Generally Accepted Privacy Principles (GAPP)

Updated in 2009, Generally Accepted Privacy Principles (GAPP) is a comprehensive privacy framework that is designed to assist management in creating an effective privacy program that addresses privacy risks and business opportunities. It was developed under a joint effort of the CICA and the American Institute of Certified Public Accountants (AICPA) through the AICPA/CICA Privacy Task Force.

GAPP can be used by organizations to perform a thorough review of their privacy practices, such as:

Privacy policy design and implementation
Performance Measurement
Benchmarking
Monitoring and auditing privacy programs

2. AICPA/CICA Privacy Maturity Model (PMM)

Released in 2011, the PMM recognizes that each organization’s personal information privacy practices may be at various levels, whether due to legislative requirements, corporate policies or the status of the organization’s privacy initiatives. It was also recognizes that, based on an organization’s approach to risk, not all privacy initiatives would need to reach the highest level on the maturity model.

Each of the 73 GAPP criteria is broken down according to the five maturity levels. This allows entities to obtain a picture of their privacy program or initiatives both in terms of their status and, through successive reviews, their progress.

3. The Canadian Privacy and Data Security Toolkit for Small and Medium-Sized Enterprises

The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises provides practical information that will aid in complying with Canadian privacy legislation. Featuring a foreword by the Privacy Commissioner of Canada and an introduction by the Information and Privacy Commissioner of Ontario, it outlines the privacy issues faced by organizations in today's world of high-speed communication and massive data gathering.

4. AICPA/CICA Privacy Risk Assessment Tool

Revised in 2010 by the AICPA/CICA Privacy Task Force, the Tool is designed to help CAs , management, owners, internal audit and other privacy professionals accomplish this task in an effective and comprehensive manner.

Key features of the Tool include:

User-friendly templates based on Microsoft Excel
Ability to incorporate results from up to 10 assessors
Based on Generally Accepted Privacy Principles
Provides results in both table and graphical formats for easy reporting to management and other interested stakeholders

5. Records Management - Integrating Privacy Using Generally Accepted Privacy Principles

This paper discusses the importance of designing privacy into an organization’s records management program and how that can be accomplished using Generally Accepted Privacy Principles (GAPP).

This publication will

explain what is personal information and why privacy is an important business issue.
identify privacy concerns regarding records management.
explain how GAPP can be used to integrate privacy into a records management program.

Download for free.

6. Map of Canadian Privacy Laws

The map presents the privacy laws applicable in each jurisdiction in Canada.
Download for free.

7. 20 Questions Businesses Should Ask About Privacy.

Download for free.

This publication describes the most important questions on privacy that businesses should know the answers to. It serves as a good introduction for businesses in the process of developing their privacy programs and is a useful checklist for businesses who have already implemented a privacy initiative.

8. Incident Response Plan

This Incident Response Plan Template can be used to help you design, develop or adapt your own plan and better prepare you for handling a breach of personal information within your organization. This template is intended to be comprehensive. Smaller organizations can use it as a model to identify key steps and processes that need to be considered by any organization regardless of size should an incident such as a privacy breach occur.

Download for free.