PRIVACY EXPECTATIONS IN E-COMMERCE (STUDY OBJECTIVE 5)

Chapter 4 described the relationship between IT risks and controls, using the AICPA's Trust Services Principles and criteria as the framework to examine risks and controls. That section of Chapter 4 provided details regarding four (items 1, 2, 3, and 5) of the five risk areas identified in the Trust Services Principles. The fourth risk area of IT systems described in the AICPA Trust Services Principles is “online privacy.” Regarding this risk area, the Trust Services Principles state that the “online privacy principle focuses on protecting the personal information an organization may collect from its customers, employees, and other individuals”¹ through its e-commerce systems. This personal information consists of many different kinds of data. The Trust Services Principles provide the following partial list of personal information to be protected:

  • Name, address, Social Security number, or other government ID numbers
  • Employment history
  • Personal or family health conditions
  • Personal or family financial information
  • History of purchases or other transactions
  • Credit records

In the course of conducting business with customers, an organization may have legitimate reasons to collect and keep these customer data. However, to conduct e-commerce, the organization must give customers a level of confidence in the privacy and security of the personal information they share. To engender such confidence, the organization must ...
