Privacy Principle Undergoes an Overhaul.

April 7, 2016 Debbie Zaller

The AICPA just released an updated version of TSP Section 100. The update amends TSP Section 100 and supersedes Appendix C of TSP Section 100A, which relates to the Generally Accepted Privacy Principles.  Below is an overview of all of the updates:

  • Revamped Privacy Principle
  • Clarification to some of the non-privacy criteria
  • 3 was combined with CC3.1 along with other updates to the criteria in CC3.0
  • New confidentiality criteria
  • Clarification on the Confidentiality Principle versus the Privacy Principle
  • Clarifications to paragraphs .03 through .15 of TSP Section 100

Of the changes, the major one is to the Privacy Principle. The changes remove redundancy with criteria that are also found within the Security Principle. The criteria for the Privacy Principle will now comprise both the common criteria from the Security Principle and the privacy criteria. As with the other principles, the AICPA has also added illustrative risks that might prevent the privacy criteria from being met, along with illustrative controls to address those risks.

The AICPA further clarified that with these additions, the common criteria should be applied regardless of the principles included in the scope of the SOC 2 examination.

You can get the new TSP Section 100 at the AICPA Store.

About the Author

Debbie Zaller

Debbie Zaller is a Principal at Schellman & Company, LLC. Debbie leads the SOC 2 and SOC 3 service line and is also an AICPA SOC Specialist. Debbie has over 15 years of IT attestation experience and currently spearheads Schellman’s SOC 2 practice, where she is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee.
