Generally Accepted Privacy Principles

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Generally Accepted Privacy Principles (GAPP) is a framework intended to assist Chartered Accountants and Certified Public Accountants in creating an effective privacy program for managing and preventing privacy risks. The framework was developed through joint consultation between the Canadian Institute of Chartered Accountants (CICA) and the American Institute of Certified Public Accountants (AICPA) through the AICPA/CICA Privacy Task Force.[1]

The GAPP framework was previously known as the AICPA/CICA Privacy Framework, and is founded on a single privacy principle: personally identifiable information must be collected, used, retained and disclosed in compliance with the commitments in the entity's privacy notice and with criteria set out in the GAPP issued by the AICPA/CICA. This privacy objective is supported by ten main principles and over seventy objectives, with associated measurable criteria.[2]

Privacy is defined in Generally Accepted Privacy Principles as "the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information."[3]

See also[edit]


  1. ^ "Generally Accepted Privacy Principles (GAPP) << CIPP Guide".
  2. ^ "Generally Accepted Privacy Principles (GAPP) << CIPP Guide".
  3. ^ "Generally Accepted Privacy Principles, CPA and CA Practitioner Version" (PDF).

External links[edit]