Tools now available to help businesses wrestling with compliance under new privacy laws

TORONTO – A new privacy tool developed by the Canadian Institute of Chartered Accountants will provide valuable assistance to businesses in complying with privacy laws, says Ontario Information and Privacy Commissioner Ann Cavoukian.

“For months, businesses have been asking me what tools are available to them to assess whether their privacy practices are effective and legally compliant,” said the Commissioner. “So, when the Canadian Institute of Chartered Accountants (CICA) approached me about its new program to provide independent reviews and attestations on an organization’s privacy practices, I was delighted to help CICA get it up and running.”

The privacy tool, called the CICA Privacy Framework, is a joint product of the CICA and its American counterpart, the American Institute of Certified Public Accountants. The Framework can be used by organizations to guide and assist them in implementing privacy programs with assistance from Chartered Accountants. The Framework incorporates concepts from significant domestic and international privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act. For each of the 10 privacy components, there are objective and measurable criteria for evaluating an organization’s privacy policies, procedures and controls.

The IPC regularly partners with private-sector organizations to advance privacy issues, practices and technologies. Commissioner Cavoukian was pleased that the CICA approached her in developing this much needed assessment tool. “It is critical that companies effectively manage privacy issues in a manner that serves their customers, suppliers and shareholders,” adds Cavoukian. “The program is the first of its kind and our review found that it addresses many of the needs business has raised with me.”

The CICA’s Privacy Framework can be used in conducting independent reviews of an organization’s privacy practices and provide an attestation level report of compliance; for those that pass. This attestation report (similar to a financial audit) will independently assure all stakeholders that the organization’s privacy practices appropriately address legislative requirements.

The Information and Privacy Commissioner/Ontario is appointed by and reports to the Ontario Legislative Assembly and is independent of the government of the day. The Commissioner’s mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act and helping to educate the public about access and privacy issues.

The Canadian Institute of Chartered Accountants (CICA), together with the CA institutes/ordre, represents approximately 68,000 CAs and 8,000 students in Canada and Bermuda. The CICA conducts research into current business issues and supports the setting of accounting and assurance standards for business, not-for-profit organizations and government. It issues guidance on control and governance, publishes professional literature, develops continuing education programs and represents the CA profession nationally and internationally.