Don’t Allow A Gap In Your GAPP – Part 6

OK, we’re wrapping up our perusal of Generally Accepted Privacy Principles (GAPP) today. This may seem like a lot of information, but it’s really just scratching the surface of each principle. For a more in-depth review, you can visit the AICPA and browse their resources section.


This is the 9th principle. Ensuring the privacy of the information you collect doesn’t mean a whole lot if it’s not the right information. For example, let’s say you are sending a total compensation statement to your employees outlining everything from their salary to the value of their 401(k). If your HR department isn’t staying on top of maintaining an accurate address database for your employees, those letters may not make it to the right destination. Ultimately, it’s up to individual workers to provide HR with their new address. But good privacy practices dictate that HR should notify employees before sending out any important communication (such as a W2) so they have a chance to update their address before the form is mailed.

One area where inaccurate information can make a difference is in the use of credit reports for making hiring decisions. That’s why job candidates are entitled to see their report to dispute any errors that affect how a prospective employer views them. If your company runs credit reports during hiring, the form you use should clearly outline the individual’s privacy rights, including the right to review their information for inaccuracies. If you collect credit reports for this type of background screening during onboarding, you can use our Universal Onboarding system to present the required notices to new hires.

Monitoring and Enforcement

This is the final principle. It’s the way you ensure that all your HR privacy policies and procedures are doing the job for which they were created. This principle is all about accountability. There should be a high-level HR employee responsible for addressing concerns or complaints from employees about any issues regarding the privacy of their personal information. This administrator may need to work with IT to investigate incidents and carry out risk assessments. Software privacy procedures and data security are topics we discuss with each Emerald Software Group client to ensure that employee data is safe.
