Privacy Advisor

Ontario Privacy Commissioner Recommends Generally Accepted Privacy Principles to Toronto Transit Com

September 1, 2008

By Nancy A. Cohen, CPA.CITP, CIPP, and Nicholas F. Cheung, CA, CIPP/C

A recent investigation into a major transportation organization's privacy practices led to a significant win for the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA)'s Generally Accepted Privacy Principles (GAPP).

An initial complaint in late 2007 from UK-based Privacy International regarding the deployment of video surveillance cameras throughout the Toronto Transit Commission's (TTC) mass transit system led the Office of the Information and Privacy Commissioner of Ontario (IPC) to review the TTC's privacy practices. Specifically, Privacy International reported that the use of these cameras breached the privacy provisions of the Municipal Freedom of Information and Protection of Privacy Act.

Although few would argue that video surveillance cameras are counter productive, the public's right to privacy and trust in the TTC's protection of the footage were the overriding concerns during the IPC's investigation led by Commissioner Ann Cavoukian.

"It is very important to convey a sense of confidence to the public that the video surveillance system I had reviewed was in compliance with our privacy laws, and that the TTC understands this system is being very closely monitored with respect to protocol and the controls we placed on it," says Cavoukian. "These controls are very strong and emphasize severely limited access, such as who is authorized to see the footage."

In her report issued March 3, 2008, Cavoukian specifically recommended the TTC undergo an independent third-party audit using the GAPP Privacy Framework."GAPP is the most thorough audit framework in existence," she says. "GAPP takes fair information practices—the bedrock of privacy—and creates objective criteria that reflect the existence of sound information practices. These practices are the embodiment of the principles. GAPP creates a tool that can objectively measure whether these principles are actually being implemented."

Representatives serving on a joint AICPA/CICA Privacy Task Force wrote the original GAPP Framework in 2003, followed by a significant update in 2006 to reflect the universal acceptance of the principles and to keep up to date with technology and business processes. Providing criteria and related material for protecting the privacy of personal information, GAPP can be used by privacy professionals, as well as CPAs in the United States and CAs in Canada in industry and in public practice, to guide and assist the organizations they serve in implementing privacy programs.

Simply put, Cavoukian states that any ongoing activity that may have a privacy risk associated with it must have proper protections in place. Organizations can minimize the cost associated with these protections by looking at GAPP as a measurement solution.

"When other organizations hear about the TTC's audit, I think it will lead to increased usage of the GAPP Privacy Framework in other areas to conduct their audits," she says. "This is a very positive outcome because it will speak very highly of the TTC's efforts to protect privacy and get the word about GAPP out into the community."

For more information on GAPP, including methodologies and how to use GAPP within your own organization, visit the AICPA's Privacy Center at www., or the CICA's Privacy Resource Centre at

Nancy A. Cohen, CPA.CITP, CIPP (, is senior technical manager—IT for the American Institute of Certified Public Accountants.

Nicholas F. Cheung, CA, CIPP/C (, is a principal with the Canadian Institute of Chartered Accountants.

Nancy and Nicholas are both members of the AICPA/CICA Privacy Task Force.