Question

In: Accounting

Please answer the following questions:

a) What are confidentiality and privacy controls in an accounting information system?

b) How to identify and classify information that is to be protected, and how to protect confidentiality using encryption?

c) What are privacy regulations and generally accepted privacy principles?

Solutions

Expert Solution

(B.)

Identify and classify information that is to be protected

  • Information is identified based on where it is located and who has access to the information.
  • Information is classified based on the value it creates for the organization.

(C.)

Generally Accepted Privacy Principles (GAPP) is designed to assist management in creating an effective privacy program that addresses their privacy obligations, risks, and business opportunities.

The privacy principles and criteria are founded on key concepts from significant local, national, and international privacy laws, regulations, guidelines, and good business practices. By using GAPP, organizations can proactively address the significant challenges that they face in establishing and managing their privacy programs and risks from a business perspective. GAPP also facilitates the management of privacy risk on a multijurisdictional basis.

Primary Objective of Privacy Principles

Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA.

The following are the 10 Generally Accepted Privacy Principles (GAPP):

1. Management: The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.

2. Notice: The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.

3. Choice and consent: The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.

4. Collection: The entity collects personal information only for the purposes identified in the notice.

5. Use, retention, and disposal: The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information.

6. Access: The entity provides individuals with access to their personal information for review and update.

7. Disclosure to third parties: The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.

8. Security for privacy: The entity protects personal information against unauthorized access (both physical and logical).

9. Quality: The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.

10. Monitoring and enforcement: The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.

