Obtain a copy of Generally Accepted Privacy Principles from the AICPA’s web site (You will find it by following this path: Under Interest Areas choose Information Management and Technology Assurance then in the upper left portion of that page in the box titled Resources select Privacy and scroll down the list until you find GAPP). Use the GAPP document to answer the following questions:
1. What is the difference between confidentiality and privacy?
2. How many categories of personal information exist? Why?
3. In terms of the principle of choice and consent, what does GAPP recommend concerning opt-in versus opt-out?
4. Can organizations outsource their responsibility for privacy?
5. What does principle 1 state concerning top management’s and the Board of Directors’ responsibility for privacy?
6. What does principle 1 state concerning the use of customers’ personal information when testing new applications?
9. What are some examples of practices that violate management criterion 4.2.2?
10. What does management criterion 5.2.2 state concerning retention of customers’ personal information? How can organizations satisfy this criterion?
11. What does management criterion 5.2.3 state concerning the disposal of personal information? How can organizations satisfy this criterion?
12. What does management criterion 6.2.2 state concerning access? What controls should organizations use to achieve this objective?
13. According to GAPP principle 7, what should organizations do if they wish to share personal information they collect with a third party?
14. What does GAPP principle 8 state concerning the use of encryption?
15. What is the relationship between GAPP principles 9 and 10?