|
|
About CPA
WebTrust TM
Fact
Sheet | WebTrust Principles
| Privacy Concepts
Fact Sheet
CPA WebTrust is a unique seal of
assurance which has been developed jointly by the
American Institute of Certified Public Accountants (AICPA)
and the Canadian Institute of Chartered Accountants
(CICA) to break down the
barriers to electronic commerce by assuring online customers that businesses
carrying the seal adhere to standard business practices and controls.
Designed to build trust and
confidence between businesses and customers,
CPA WebTrust will raise the bar for electronic commerce business
practices and provide independent verification that Web sites meet AICPA-
and CICA-prescribed criteria.
The
CPA WebTrust seal granted to a Web site assures compliance
with CPA WebTrust principles and
related criteria. Consumers may click on the seal and access a report
issued by the CPA, as well as the CPA WebTrust
principles and related criteria.
WebTrust Principles
Online Privacy
According
to a national Yankelovich study, consumers are very concerned about
the privacy and protection of their personal information - including
credit card numbers, Social Security numbers, buying pattern history
- when shopping online. However, according to the same study, consumers
would be more willing to shop online if there were CPA assurance of
a site.
Only CPAs who have completed
training and have been licensed by the AICPA in accordance with performance
standards are qualified to issue the CPA WebTrust seal. Training, certification,
and licensing ensure consistent application of the CPA WebTrust principles
and related criteria.
The
CPA WebTrust seal was developed by the AICPA. In order for
a site to carry the WebTrust seal, it must also maintain a certificate
from a dependable, established third-party authorization service (such
as VeriSign). This helps to assure the consumer that the seal on a Web
site is authentic and the site is entitled to display it. It also means
that the seal is difficult to forge and is current.
- Top
-
Online
Privacy Concepts
With the rapidly expanding interest
in privacy, the following concepts are widely used to facilitate the
creation and implementation of privacy policies and practices:
- NOTICE
- An organization should inform customers about (1) the purposes for
which information is collected, (2) uses of the information provided,
(3) the manner in which the customer can contact the entity to change
or update information provided by the customer, (4) other parties
to whom information is shared, and (5) the choices for the customer
to limit the use of information provided or the consequences to the
customer if certain information is not provided.
-
CHOICE
- The entity should offer customers to choose (or opt-out) whether
their personal information is disclosed to third parties. For sensitive
information, the entity should provide an explicit (opt-in) choice
if information is to be disclosed to a third party or for a purpose
other than that for which is was originally collected.
-
ONWARD
TRANSFER - The entity should apply the Notice and Choice
guidelines in order to transmit information to other entities or
parties not a part of the original transaction.
-
SECURITY
- The entity that gathers, maintains, or uses personal information
must take reasonable precautions to protect the information from
loss, misuse, unauthorized access, disclosure, alteration, and destruction.
-
DATA
INTEGRITY - The entity should take reasonable care that
the information it collects, whether personal or sensitive, be relevant
for the purposes for which it is to be used.
-
ACCESS
- Customers should have access to their own personal or sensitive
information for the purposes of correction, update and deletion.
-
ENFORCEMENT
- The entity should provide procedures for assurance of compliance
with its own privacy policies and independent recourse procedures
to address any unresolved complaints and disputes.
WebTrust principles also includes
the topics of Security, Business Practices and Transaction Integrity,
Availability, Confidentiality, and non-repudiation. Please visit the
WebTrust site for more information.
Call us direct at (303) 779-5006 or e-mail
us with questions.
CPA
THE CPA. NEVER UNDERESTIMATE THE VALUE.
- Top
-
|
Canadian Institute of Chartered Accountants
American Institute of Certified Public
Accountants
Colorado
Society of Certified Public Accountants
|
