Don’t Allow a Gap in Your GAPP: Part 1

The Generally Accepted Privacy Principles (GAPP) are a set of 10 precepts developed by the American Institute of CPAs. These standards can also be viewed as best practices in fields other than accounting. Because employee information should be treated with the same professionalism and care afforded to consumer information, these guidelines are helpful in evaluating HR software and processes. Here’s an overview of the first Principle:
This is the all-encompassing objective of defining, documenting, communicating, and creating accountability for privacy policies in a way that addresses all of the GAPP Principles. We will look at the other nine Principles in future blog posts.

Defining what constitutes information that should be kept private is an important first step. In general, any data that can be linked to a specific individual is considered private. The specifics vary from one industry to the next, so defining exactly which types of information are to be protected is critical. There must also be a system in place to identify when new varieties of potentially private information are being collected.

The policies surrounding the management of such information must be communicated to all parties within your organization – along with the consequences of failing to comply. A well-managed privacy system includes accountability. Putting a person or group of people in charge of managing the privacy program ensures that someone is held personally responsible. That’s a big incentive to get things right.

The controls that are put in place to ensure proper privacy management should be set up in compliance with applicable state and federal (or international) laws. The privacy program itself should be designed for regular review to ensure that it meets regulatory requirements and adequately addresses any change in other circumstances or new risks that could impact the effectiveness of the program. There should also be a procedure in place for evaluating and approving any suggested changes.

On a practical note, an organization needs to ensure that enough resources are budgeted to achieve its privacy objectives. This includes installing and maintaining a physical and electronic infrastructure that complies with the privacy program. It also includes researching and selecting third-party vendors who comply with GAPP.

Why Are We Talking About This Topic Now?

Emerald Software is in the process of evaluating all of the most respected privacy standards and looking at how our applications, such as Universal Onboarding, measure up. We are constantly improving our software to promote the best, most compliant data privacy practices. You would expect nothing less of a best-of-breed vendor!