The Forensic Examiner (Sample) - Summer 2011

Summer 2011 THE FORENSIC EXAMINER® 01

an fbivisionaryprofile of howard teten

Gear Up for thenetworKinG event of the year!

lt. Coloneldave GrossManinternationally reCoGniZed sCholar, aUthor, soldier, and speaKer

p.28p.48

p.74

MIRANDARIGHTS

REVISITEDbranson, MooCtober 12–14siGn Up now!

p.60

p.22

$7.50 U.S./$9.50 CAN

02 THE FORENSIC EXAMINER® Summer 20111-800-423-9737 www.ACFEI.com

ACHIEVE NEW GOALS. LEARN NEW JOB SKILLS. GROW YOUR PASSION.The American College of Forensic Examiners Institute® provides the latest in certi� ed training. We o� er a range of online forensic credentials from Certi� ed Forensic Nurse, CFN® to Certi� ed Forensic Accountant, CrFA®. Check out our online catalog for a complete list of the certi� cations we o� er from all our associations.

ACFEI0211EX

Established at the renowned Cyril H. Wecht Institute of Forensic Science and Law in 2002, this unique course of study investigates the promise and the possibilities that modern science brings to our pursuit of truth and justice in criminal, civil, and family legal proceedings. It is a program that convenes professionals from a variety of disciplines to expand our collective and individual understanding of the many ways in which this goal can be achieved.

For more information, contact the Institute at [email protected] or 412-396-1330.

Or visit us online at www.duq.edu/forensics.

• Online delivery brings videotaped lectures, AV materials and discussion groups to your home • Supplemental live sessions include Crime Scene Investigation, Interrogations and a Trial • Options include the 12-credit undergraduate certificate or the 18-credit graduate certificate

NOw acceptiNg applicatiONS fOr the 2011-2012 academic year.

Are you curious about the interconnected fields of forensic science and law?

Do you lack the time to invest in a degree programand/or to study on-site?

Does the idea of the world's greatest experts reaching you online interest you?

Then consider the certificate in forensic Science and law


Established at the renowned Cyril H. Wecht Institute of Forensic Science and Law in 2002, this unique course of study investigates the promise and the possibilities that modern science brings to our pursuit of truth and justice in criminal, civil, and family legal proceedings. It is a program that convenes professionals from a variety of disciplines to expand our collective and individual understanding of the many ways in which this goal can be achieved.

For more information, contact the Institute at [email protected] or 412-396-1330.

Or visit us online at www.duq.edu/forensics.

• Online delivery brings videotaped lectures, AV materials and discussion groups to your home • Supplemental live sessions include Crime Scene Investigation, Interrogations and a Trial • Options include the 12-credit undergraduate certificate or the 18-credit graduate certificate

NOw acceptiNg applicatiONS fOr the 2011-2012 academic year.

Are you curious about the interconnected fields of forensic science and law?

Do you lack the time to invest in a degree programand/or to study on-site?

Does the idea of the world's greatest experts reaching you online interest you?

Then consider the certificate in forensic Science and law

04 THE FORENSIC EXAMINER® Summer 2011

ABFSW0211EX

TAB

LE O

F C

ON

TEN

TS

CONTENTS

2011 EXECUTIVE SUMMIT50 6051 6252 63

SCHEDULE AT A GLANCE

HOTEL & CONVENTION CENTER

CONFERENCE SCHEDULES

KEYNOTE SPEAKERS

CREDENTIALING OPPORTUNITIES

REGISTRATION FORM

TABLE OF CONTENTS

48


12

TAB

LE OF C

ON

TEN

TS

WWW.ACFEI.COM • (800) 592-1399

FEATURES

12

22

28 64 70

74

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES:A Tool for Forensic Accountants

HOWARD TETEN:An FBI Visionary

MIRANDA REVISITED

A TERRIBLE THING TO DO

REVISITING THE INTEGRATION OF FORENSIC ACCOUNTING AND THE AUDITING PARADIGM

WHOSE FIRE SCENE IS THIS ANYWAY?

IN THIS ISSUE

78

7980

81 86 87

THE DETECTIVE’S CORNER:CUT AND DRIED

FALSELY ACCUSED

PRODUCT REVIEWS

BOOK REVIEWS

NEW MEMBERS

CE TEST PAGES

28

22


MIRANDAREVISITED

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES

HOWARD TETEN:AN FBI VISIONARY

VOLUME 20 • NUMBER 2 • SUMMER 2011

Nicholas G. Apostolou, DBA, DABFA, CPA, Cr.FALarry Barksdale, BS, MA E. Robert Bertolli, OD, FACFEI, CHS-V, CMI-VKenneth E. Blackstone, BA, MS, CFC, DABFEDavid T. Boyd, DBA, CPA, Cr.FA, CMA Jules Brayman, CPA, CVA, DABFA, FACFEIJohn Brick, PhD, MA, DABFM, FACFEI Richard C. Brooks, PhD, CGFM, DABFEDennis L. Caputo, MS, DABFET, CHMM, FACFEI Dennis H. Chevalier, BS, MSM, DM, CMIDavid F. Ciampi, PhD, FACFEI, DABPSLarry Crumbley, PhD, CPA, DABFE, Cr.FAAndrew N. Dentino, MD, FACFEI, DABFE, DABFM James A. DiGabriele, PhD/DPS, CPA, Cr.FA, FACFEIJohn Shelby DuPont Jr., DDS, DABFD Scott Fairgrieve, Hons. BSc, MPhil, PhD, FAAFSEdmund D. Fenton, DBA, CPA, CMA, Cr.FA Per Freitag, PhD, MD, FACFEI, DABFML. Sue Gabriel, MSN, MFS, EdD, RNNicholas Giardino, ScD, FACFEI, DABFEDavid H. Glusman, CPA, DABFA, Cr.FA, FACFEIRon Grassi, DC, FACFEI, DABFM, DABFERichard C. W. Hall, MD, FACFEI, DABFM, DABFEJohn J. Haberströh, DC, CFC, CMI-V, FACFEIRaymond F. Hanbury, PhD, ABPP, FACFEI, DABFEDavid L. Holmes, EdD, FACFEI, DABFE, DABPSLeo L. Holzenthal Jr., PE, DABFET, FACFEILinda Hopkins, PhD, CFC, DABPS, DABRE Edward J. Hyman, PhDZafar M. Iqbal, PhDNursine S. Jackson, MSN, RN, DABFNRobert S. Kassoff, PhD, DABPS, DACFM, DABFEPhilip Kaushall, PhD, DABFE, DABPS, FACFEIEric Kreuter, PhD, CPA, DABFA, FACFEIRonald G. Lanfranchi, DC, PhD, CMI-IV, FACFEIRichard Levenson, Jr., PsyD, DABFE, DABPS, FACFEIMonique Levermore, PhD, FACFEI, DABPS

Jonathan Lipman, PhD, FACFEI, DABFE, DABPS Judith Logue, PhD, FACFEI, DABFSW, DABPSMike Meacham, PhD, LCSW, DABFSW, FACFEIDavid Miller, DDS, FACFEI, DABFE, DABFDLeonard I. Morgenbesser, PhD, FACFEIJacques Ama Okonji, PhD, FACFEI, DABFE, DABPSNorva E. Osborne, OD, CMI-IIIGeorge Palermo, MD, PhD, FACFEI, DABFMRonald J. Panunto, PE, CFC, CFEI, DABFETLarry H. Pastor, MD, FACFEI, DABFE, DABFMTheodore G. Phelps, CPA, DABFAMarc Rabinoff, EdD, FACFEI, DABFE, CFCJerald H. Ratner, MD, CFP, PAHarold F. Risk, PhD, DABPS, FACFEISusan P. Robbins, PhD, LCSW, DABFSWWalter A. Robbins, DBA, CPA/CFF, Cr.FAJane R. Rosen-Grandon, PhD, DABFC, FACFEIDouglas Ruben, PhD, FACFEI, DABFE, DABPSJ. Bradley Sargent, CPA, Cr.FA, DABFA, FACFEIWilliam Sawyer, PhD, FACFEI, DABFE, DABFMHoward A. Shaw, MD, DABFM, FACFEIIvan Sosa, MDHenry A. Spiller, MS, DABFE, FACFEIMarilyn J. Stagno, PsyD, RN, FACFEIRichard I. Sternberg, PhD, DABPSJames R. Stone, MD, MBA, CHS-III, CMI-IVGeorge S. Swan, JDWilliam A. Tobin, MA, DABFET, DABLEE, FACFEIRobert Tovar, BS, MA, DABFE, DABPS, CHS-IIIBrett C. Trowbridge, PhD, JD, DABPS, FACFEIRichard A. Vera II, PI, MBA, CPA, CFESandy Weiss, BS, BCEPPatricia A. Wallace, PhD, FACFEI, DABFE, DABFM, CFCRaymond Webster, PhD, FACFEI, DABFE, DABFMDean A. Wideman, MSc, MBA, CFC, CMI-III

*Note: For spacing and consistency considerations, the number of designations listed has been limited to four.

FOUNDER AND PUBLISHER:Robert L. O’Block, MDiv, PhD, PsyD, DMin ([email protected])EDITOR:Amanda Kyger ([email protected])MEMBER SERVICES: Candice Sickman ([email protected])EXECUTIVE ART DIRECTOR:Brandon Alms ([email protected])ICBS CAO:Tanja O’Block ([email protected])ANNALS® EDITOR:Laura Johnson ([email protected]) INSIDE HOMELAND SECURITY® EDITOR:Trysta Herzog ([email protected])ADVERTISING:Amanda Kyger ([email protected])(800) 423-9737, ext. 116

2011 EDITORIAL ADVISORY BOARD

CONTINUING EDUCATION

ACFEI provides continuing education credits for accountants, nurses, physicians, dentists, psychologists, counselors, social workers, and marriage and family therapists. Approvals for continuing education activities are subject to change. For the most up-to-date status, please check the course catalog on our Web site, www.acfei.com, or contact the Continuing Education staff toll-free at (800) 423-9737. ACFEI is an approved provider of Continuing Education by the following:Accreditation Council for Continuing Medical Education National Association of State Boards of Accountancy National Board for Certified Counselors California Board of Registering Nursing American Psychological Association California Board of Behavioral Sciences Association of Social Work Boards American Dental Association (ADA CERP) The Missouri Sheriff’s Association co-sponsors Police Officer Standards Training (POST) accreditation for the American College of Forensic Examiners Institute’s activities. The American College of Forensic Examiners Institute is a member of the National Certification Commission and the Alliance for Continuing Medical Education. The Ethics Course, Law Course, Evidence Course, Certified Medical Investigator®, Certified in Disaster PreparednessSM, Certified Forensic Accountant, Cr.FA®, and the Certified in Homeland Security, CHS® Levels I–V are all approved for the G.I. Bill benefits.

CHAIR Cyril H. Wecht, MD, JD, FACFEI, CFP; Chair, American Board of Forensic MedicineMEMBERSDouglas Wayne Beal, MD, MSHA, CMI-V, CFP; Chair, American Board of Forensic ExmainersAlexander Lamar Casparis, CPA, MBA, Cr.FA, FACFEI; Chair, American Board of Forensic AccountingDianne Ditmer, MS, RN, CFN, FACFEI; Chair, American Board of Forensic NursingDouglas E. Fountain, PhD, LCSW, DABFE, DABFSW; Chair, American Board of Forensic Social WorkersRaymond H. Hamden, PhD, FACFEI, CFC, CMI-V, Chair, Ameri-can Board of Psychological SpecialtiesJames H. Hutson, DDS, CMI-V; Chair, American Board of Forensic DentistryMarilyn J. Nolan, MS, FACFEI, DABFC; Chair, American Board of Forensic CounselorsGregg M. Stuchman; Chair, American Board of Recorded Evidence

ACFEI EXECUTIVE ADVISORY BOARD

BO

AR

DS

The American College of Forensic Examiners International (ACFEI) does not endorse, guarantee, or warrant the credentials, work, or opinions of any individual member. Membership in ACFEI does not constitute the grant of a license or other licensing authority by or on behalf of the organization as to a member’s qualifications, abilities, or expertise. The publications and activities of ACFEI are solely for informative and educational purposes with respect to its members. The opinions and views expressed by the authors, publishers, or presenters are their sole and separate views and opinions and do not nec-essarily reflect those of ACFEI, nor does ACFEI adopt such opinions or views as its own. The American College of Forensic Examiners International disclaims and does not assume any responsibility or liability with respect to the opinions, views, and factual statements of such authors, publishers, or presenters,

nor with respect to any actions, qualifications, or representations of its members or subscriber’s efforts in connection with the ap-plication or use of any information, suggestions, or recommendations made by ACFEI or any of its boards, committees, publications, resources, or activities thereof.

The Forensic Examiner® (ISSN 1084-5569) is published quarterly by The American College of Forensic Examiners International, Inc. (ACFEI). Annual membership for a year in the American College of Forensic Examiners International is $165. Abstracts of articles published in The Forensic Examiner® appear in National Criminal Justice Reference Service, Cambridge Scientific Abstracts, Criminal Justice Abstracts, Gale Group Publishing’s InfoTrac Database, e-psyche database, and psycINFO database. Periodicals Postage Paid at Springfield, Missouri, and additional mailing offices. © Copyright 2011 by the American College of Forensic Examiners Interna-tional. All rights reserved. No part of this work can be distributed or otherwise used without the express written permission of the American College of Forensic Examiners International. The views expressed in The Forensic Examiner® are those of the authors and may not reflect the official policies of the American College of Forensic Examiners International.

CONTACT US:Publication, editorial, and advertising offices of ACFEI, 2750 East Sunshine Street, Springfield, MO 65804. Phone: (800) 592-1399, Fax: (417) 881-4702, E-mail: [email protected]. Subscription changes should be sent to ACFEI, 2750 East Sunshine, Springfield, MO 65804.

POSTMASTER:Send address changes to American College of Forensic Examiners International, 2750 East Sunshine Street, Springfield, MO 65804.

BOARDS


AMERICAN BOARD OF FORENSIC ACCOuNTINGCHAIRAlexander Lamar Casparis, CPA, MBA, Cr. FA, FACFEI

MEMBERS Stewart L. Appelrouth, CPA, CFLM, Cr.FA, FACFEIGary Bloome, CPA, Cr.FAD. Larry Crumbley, PhD, CPA, DABFA, Cr.FAJames A. DiGabriele, PhD/DPS, CPA, Cr.FA, FACFEIMichael W. Feinberg, CPA, Cr.FAMichael G. Kessler, Cr.FA, CICA, FACFEI, DABFAEric A. Kreuter, PhD, CPA, FACFEI, DABFARobert K. Minniti, CPA, MBA, Cr.FAJ. Bradley Sargent, CPA, CFS, Cr.FA, FACFEIJoseph F. Wheeler, CPA, Cr.FA, CHS-III, CFF

AMERICAN BOARD OF FORENSIC COuNSELORSCHAIR Marilyn J. Nolan, MS, FACFEI, DABFC, DABCIPChair Emeritus: Dow R. Pursley, EdD, FACFEI, DABFC

MEMBERSGeorge Bishop, LPC, LAT, FACFEI, DABFELaura W. Kelley, PhD, LPC, DABFC, FACFEIWilliam M. Sloane, JD, LLM, FACFEI, CHS-III

AMERICAN BOARD OF FORENSIC DENTISTRYCHAIRJames H. Hutson, DDS, CMI-V, FACFEI Chair Emeritus: Brian L. Karasic, DMD, MBA, DABFD, CMI-III

MEMBERS Bill B. Akpinar, DDS, CMI-V, FACFEI, DABFDStephanie L. Anton-Bettey, DDS, CMI-VSusan Bollinger, DDS, CMI-IV, CHS-IVChester B. Kulak, DMD, CMI-V, CFC, DABFD

AMERICAN BOARD OF FORENSIC ExAMINERSCHAIRDouglas Wayne Beal, MD, MSHA, CMI-V, CFP

MEMBERS Jess P. Armine, DC, FACFEI, DABFE, DABFMRonna F. Dillon, PhD, DABFE, DABPS, CMI-V, CHS-IIIBruce H. Gross, PhD, JD, MBA, FACFEIDarrell C. Hawkins, MS, JD, FACFEI, CMI-VMichael W. Homick, PhD, DABCHS, CHS-VJohn L. Laseter, PhD, FACFEI, CMI-IV, CHS-IIILawrence Lavine, DO, MPH, CHS-V, CMI-VLeonard K. Lucenko, PhD, FACFEI, DABFE, CPSIMarc A. Rabinoff, EdD, FACFEI, DABFE, CFCJanet M. Schwartz, PhD, FACFEI, DABFE, CHS-V

AMERICAN BOARD OF FORENSIC ENGINEERING AND TECHNOLOGYCHAIRBen Venktash, DABFET, DABFE, FRSPH(UK), FIET(UK)VICE CHAIRGeorge C. Frank, CFC, DABFE, FACFEI

MEMBERSCam Cope, BS, DABFET, DABFERobert K. Kochan, BS, FACFEI, DABFET, DABFEJ.W. “Bill” Petrelli Jr., DABFET, CFC, AIA, FACFEI Max L. Porter, PhD, DABFET, CFC, FACFEI

AMERICAN BOARD OF FORENSIC MEDICINECHAIRCyril H. Wecht, MD, JD, FACFEI, CFP

MEMBERS Douglas Wayne Beal, MD, MSHA, CMI-V, CFPZhaoming Chen, MD, PhD, MS, CFPJohn A. Consalvo, MD, DABFE, DABFM, FACFEILouis W. Irmisch III, MD, FACFEI, CMI-V, CFPE. Rackley Ivey, MD, FACFEI, CMI-V, CFPLawrence Lavine, DO, MPH, CHS-V, CMI-VKenneth A. Levin, MD, CFP, FACFEI, DABFME. Franklin Livingstone, MD, CFP, FACFEI, DABFMManijeh K. Nikakhtar, MD, CFP, MPH, CMI-VMatthias I. Okoye, MD, MSc, JD, FRCPJohn R. Parker, MD, FACFEI, DABFM, CFPJerald H. Ratner, MD, DABFE, DABFM, FACFEIS. Sandy Sanbar, MD, PhD, JD, FCLMGene Unger, MD, JD, FACFEI, DABFM

AMERICAN BOARD OF FORENSIC NuRSINGCHAIR Dianne T. Ditmer, MS, RN, CFN, CHS-III

MEMBERSHeidi H. Bale, RN, BSN, CFNMarilyn A. Bello, RNC, MS, CFN, CMI-IVCynthia J. Curtsinger, RN, CFNLinda J. Doyle, RN, CLNC, CFN, CMI-IIIL. Sue Gabriel, EdD, MSN, RN, CFNDiane L. Reboy, MS, RN, CFN, FACFEISharon L. Walker, MPH, PhD, RN, CFNCarol A. Wood, RN, CFN, BS, NHA

AMERICAN BOARD OF FORENSIC SOCIAL WORkERSCHAIR Douglas E. Fountain, PhD, LCSW, DABFE, DABFSW

MEMBERSPeter W. Choate, PhD, BA, MSW, DABFSW, DABFETina Jaeckle, PhD, LCSW, MFSW, CFCMichael G. Meacham, PhD, LCSW, DCSW, DABFSWKathleen Monahan, DSW, MSW, CFC, DABFESusan P. Robbins, PhD, LCSW, DCSW, DABFSWSteven J. Sprengelmeyer, MSW, MA, FACFEI, DABFSW

AMERICAN BOARD OF PSYCHOLOGICAL SPECIALTIESCHAIRRaymond H. Hamden, PhD, FACFEI, CFC, CMI-VCHAIR EMERITUSRaymond F. Hanbury, PhD, FACFEI, DABPS, DABFE

MEMBERSCarol J. Armstrong, PhD, LPC, DABPSRobert J. Barth, PhD, DABPS

Ronna F. Dillon, PhD, DABPS, CMI-V, CHS-IIICarl N. Edwards, PhD, JD, FACFEI, DABPSHelen D. Pratt, PhD, FACFEI, DABPSDouglas H. Ruben, PhD, FACFEI, DABPS, DABFERichard M. Skaff, PsyD, DABPSCharles R. Stern, PhD, DABPS, FACFEI, CMI-VJoseph C. Yeager, PhD, DABFE, DABPS, FACFEI Donna M. Zook, PhD, DABPS, CFC

AMERICAN BOARD OF RECORDED EVIDENCECHAIRGregg M. Stutchman

MEMBERSErnst F.W. Alexanderson, BA, MBA, FACFEI, DABREEddy B. Brixen, DABFETCharles K. Deak, BS, CPC, DABFE, DABRERyan O. Johnson, BA, DABFE, DABREMichael C. McDermott, JD, DABRE, DABFE, FACFEIJennifer E. Owen, BA, DABRE, DABFEThoomas J. Owen, BA, FACFEI, DABRE, CHS-VLonnie L. Smrkovski, BS, DABRE, DABFE, FACFEI

AMERICAN BOARD OF REGISTERED INVESTIGATORSMEMBERSKenneth E. Blackstone, MS, CFC, DABFEH. Scott Brown, MS, RS, RIRon Carroll, BSEric Lakes, CHS-III, CLWE, MCSELt. David Millsap, RI, CMI-IIIJoseph A. Juchniewicz, MA, SSI, CHS-III, RIRichard A. Vera, II, MBA, CPACyril H. Wecht, MD, JD, CFP, FACFEIClaude E. Wells, BA, RI

ExECuTIVE ADVISORY BOARD OF THE INTERNATIONAL COLLEGE OF THE BEHAVIORAL SCIENCESCHAIR Janet M. Schwartz, PhD, FACFEI, DABFE, CHS-VBOARD SECRETARYSteven Crimando

MEMBERS Mike Baer, PhD Duane L. Dobbert, PhD, FACFEISue Gabriel, EdD, RN, CFNMark L. Goldstein, PhDRaymond H. Hamden, PhD, FACFEI, CFC, CMI-V Janice L. Hargrave, MEd, CFCDavid L. Holmes, EdDTina Jaeckle, PhD, LCSW, MFSW, CFCGary Kesling, PhD., LMFT, LPC, DAPALon Kopit, PsyD, LPC, BCPCCarl J. Patrasso, PsyDKatherine Ramsland, PhD, CMI-VJerald H. Ratner, MD, CFPDoug Ruben, PhDRonald M. Ruff, PhD

ACFEI EXECUTIVE ADVISORY BOARDS

WWW.ACFEI.COM • (800) 592-1399B

OA

RD

S


ACFE

I NEW

SACFEI NEWS

ACFEI NEWS and announcements

REGISTER FOR THE 2011 EXECUTIVE SUMMIT

Register now before August 1 to receive the early bird rate for the 2011 Executive Summit held October 12-14! For a de-tailed schedule of events, information about Branson, presenter highlights, and the registration form, look to the Executive Summit section beginning on page 48 of this issue.

The Forensic Examiner is seeking edi-torial advisory board members with varied areas of expertise in forensics to peer-review manuscripts for the journal. Send your résumé/curriculum vitae to [email protected] to apply for an edito-rial advisory board position.

Get published as a course author today by submitting a module for inclusion in the Registered Investigator®, RI® Program. RI® is the world’s first open-source certification program, which means you can submit an idea for a module simply by filling out the form online. Once received, ACFEI staff will forward your proposal to a committee of members on the American Board of Registered Investigators for ap-proval. We currently pay $500 for a 4,000-word completed module submitted in accordance with our course submission guidelines. For more information, visit the RI Web site at www.acfei.com/risubmit.

GET YOUR PICTURE DISPLAYED IN THE FORENSIC EXAMINER®

We are introducing a quarterly feature where members can send in pictures of themselves holding a copy of the Examiner on vacation or business travels. If you would like to see your picture in this section, take a copy of the journal and your camera with you on your travels—we want to see your pic-

tures! Email your high-resolution photos to [email protected], or mail to Forensic Traveler, 2750 E. Sunshine, Springfield, MO 65804.

COLD CASE SUBMISSIONS

We are pleased to announce a new feature that will focus on Cold Cases involving our mem-bers from around the world. The “Cold Case Examiner” will be a one-page article sent in by readers

providing a summary of the case. This will allow networking with other leading forensic experts from varied disciplines to help facilitate and invite responses and feedback on your cold case. If you would like to have your cold case featured, please e-mail your one-page article via a Word document and include any photos, evidence, or supplemental details to [email protected].

REGISTERED INVESTIGATOR: OPEN-SOURCE

ACFEI staff member Molly White displays The Forensic Examiner® in front of the Palmer House Hotel in Chicago, Illinois.

EDITORIAL ADVISORY BOARD MEMBERS WANTED



New Books From ACFEI Media

Order your book from Amazon.com or call 1-800-423-9737

Psychological Autopsy of Elvis PresleyBy William J. RonanISBN: 9780983260103

Ronan, a licensed independent clinical social worker, examines the facts of Elvis Presley’s journey on Earth to re-veal the truths of the legendary rocker’s life—and the root causes of his death. In so doing, he forces the reader to consider the sheer psychological force that core beliefs play in creating and recreating lives, and in dooming others to an early end. Hardcover. 349 pages

$24.95 +S & H

Culture Notes:Essays on Sane LivingBy Irene Rosenberg JavorsISBN: 9780982212141

Have we all lost our minds? It’s a question we have all asked ourselves as we ponder such modern occur-rences as “reality” TV, road rage, and terrorism. Javors’ collection of her columns from the Annals of the Ameri-can Psychotherapy Association offers prescriptions for “sane living” in the face of life’s challenges. Paperback. 144 pages

$14.95 +S & H

In the Practice of Health Care: The Search for SatisfactionBy Ronald HixsonISBN: 9780983260110

Hixson, a psychotherapist, provides applicable insight into all aspects of practice management, from economics to ethics. Paperback. 190 pages

$14.95 +S & H

Stuck on Me: Missing YouBy Larry A. Bugen, Ph.D.ISBN: 9780982212134

Sometimes our love for others becomes blurred by a preoccupa-tion with oneself. Carried too far, this self-absorption jeopardizes the love bonds we need to survive. Bugen, a psychologist and photographer, cri-tiques the pervasive narcissism of our contemporary culture, reveals the true nature of love, and presents Six Gifts that ensure its survival among the fit-test. Paperback. 307 pages

$19.95 +S & H

Want to get Published?ACFEI Media wants to walk with you on your a la carte publishing journey. In our approach, you determine the decisions you want to make on your own, and we’ll help you with the rest.

• Hardcover or paperback? Small or large format? • Print, e-book, or both? • Do you have a copy editor, or would you like our help?

As we guide you through the steps and discuss your options, you’ll find the tough decisions easier to resolve.

ANOTHER GREAT MEMBER BENEFIT

ACFEIM E D I A

800-423-9737 • WWW.ACFEI.COM • 2750 E SUNSHINE STREET • SPRINGFIELD, MO 65804

CALL 800423-9737FOR MORE INFORMATION

Coming Soon!

Last Summer With Oscar: An Adventurous True Story of Love and Courage By Jan SchwartzSchwartz, a teacher, psychologist, and forensic fraud investigator, offers a narrative case study that relates the true story of a nine-year-old golden retriever’s response to cancer.

MEDIA0211EX

CE

ART

ICLE

CE ARTICLE: 1 CE CREDIT

A Tool for Forensic Accountants


WWW.ACFEI.COM • (800) 592-1399C

E ART

ICLE

By DR. WALTER A. ROBBINS, DBA, CPA, CFFCERTIFIED FORENSIC ACCOUNTANT (CR.FA)

Forensic accountants are typically involved in fraud prevention and detection. However, another area where their expertise may be called upon for assistance relates to the protection of sensitive personal information that is collected, stored, and used by organiza-tions. Given the extensive practice of storing information on portable devices and making data transfers using the Internet or other wireless technologies, criminals have more opportunities to acquire information on customers, patients, or employees through unauthorized access. Forensic accountants can use the AICPA/CICA’s set of Generally Accepted Privacy Principles (GAPP) as a framework when developing and implementing a sound privacy protection program for clients. Such a program can help prevent criminals from gaining unauthorized access to confidential personal information.

ABSTRACT


While forensic accountants are typically involved in fraud prevention and detection, another area where their expertise is needed is protecting sensitive personal informa-tion that is collected, stored, and used by organizations. Given the current status of information technology, not only is con-fidential information stored in mainframe databases, but it is increasingly being stored on portable devices; moreover, such informa-tion is being disseminated using the Internet or other wireless technologies. Individuals have even begun to store their personal in-formation on the Internet through remote locations. Consequently, unauthorized access to such confidential information has become easier than ever, and the frequency of loss or theft has increased dramatically. Recent high-profile breaches illustrate the threat of this potential danger. In 2006, it was re-ported that a laptop containing the personal information on 382,000 working and retired employees of Chicago-based Boeing Co. was stolen from an employee’s car (Rosencrance, 2006). This private information included employees’ Social Security numbers, home ad-dresses, telephone numbers, birth dates, and salary information; the computer and data were never recovered. In October of 2009, Blue Cross and Blue Shield warned approxi-mately 800,000 doctors that their business and personal information was lost when an

insurance trade group employee’s laptop was stolen (Japsen, 2009). It was reported that the employee broke protocol and transferred the information to his personal laptop. Everyday companies are faced with the risk of having sensitive and confidential personal data become available to the public. The loss or theft of customer or employee records and other confidential personal informa-tion can jeopardize the financial well-being of any organization. For instance, such loss can result in a damaged reputation, loss of customer trust, and a multitude of fines and fees. Forensic accountants can provide a valu-able service to organizations that collect, store, and use confidential personal information; given their specialized expertise, forensic ac-countants are well-equipped to assist clients in developing a set of privacy policies and pro-cedures that can promote the safety and con-fidentiality of such information, in addition to assisting with monitoring the system of safeguards to ensure continued effectiveness. Because protecting individuals’ personal information has become a significant risk-management issue for all organizations and guidance in this area has been limited, in 2003 the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Certified Accountants (CICA) formed a joint Privacy Task Force. The work of this task force resulted in the publication of

a global privacy framework. The framework consists of common privacy principles know as Generally Accepted Privacy Principles (GAPP). The framework was updated in 2006 and in 2009 (AICPA/CICA, 2009). Because of the importance and usefulness of these principles to forensic accountants when evaluating an organization’s privacy risk program, this article presents the privacy principles as set forth by the AICPA/CICA. It is imperative that foren-sic accountants who plan to enter this area of consulting become familiar with these privacy principles and understand their relevancy to developing a sound privacy risk program.

WHAT IS PRIVACY?

The AICPA/CICA’s GAPP defines privacy as the rights and privileges of individuals when personally identifiable informa-tion is collected, stored, used, disclosed, or disposed of by an organization. Such information can be linked directly or in-directly to an individual or can be used to determine their identity. The term “individual” is broad and includes pro-spective current and former customers, employees, and others with whom an organization has a relationship.


THIS ARTICLE IS APPROVED BY THE FOLLOWING FOR CONTINUINGEDUCATION CREDIT:(ACFEI) The American College of Forensic Examiners International provides this con-tinuing education credit for Diplomates and certified members.

AFTER STUDYING THIS ARTICLE, PARTICIPANTS SHOULD BE BETTER ABLETO DO THE FOLLOWING:

1. Explain the importance of security associated with collecting and using personal infor-mation of customers, patients, or employees.

2. Discuss the 10 principles of the AICPA/CICA’s framework of Generally Accepted Privacy Principles (GAPP).

3. Describe the attributes of a good privacy protection program for an organization that collects and uses personal information.

KEY WORDS: privacy risk, personal information, data protection, AICPA privacy frame-work, confidential information, information security, Generally Accepted Privacy Principles TARGET AUDIENCE: forensic accountants who are interested in developing and imple-menting privacy protection programs for their business clientsPROGRAM LEVEL: BasicDISCLOSURE: The author has nothing to disclose.PREREQUISITES: None

EARN CONTINUING EDUCATION CREDITSTAKE THE CE TEST FOR THIS ARTICLE ON PAGE 87

CE

ART

ICLE

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Tool for Forensic Accountants

The AICPA/CICA (2009) point out that most information collected by organizations is likely to be personal and usually includes items such as names, home addresses, Social Security numbers, email addresses, and vari-ous physical characteristics. While this type of personal information is considered con-fidential and its misuse would be a breach of privacy, certain other types of personal information represents a much higher level of risk, such as medical conditions, finan-cial information, and racial or ethnic origin. Because sensitive personal information poses higher risks, extra protection and due care are required; as an example, explicit consent from an individual would be appropriate. In cases where personal information can-not be associated with specific individuals, the AICPA/CICA (2009) identifies this as nonpersonal information. This includes per-sonal information for which the identity of the individual is unknown and cannot be determined. However, forensic accountants should be aware that obligations related to nonpersonal information may still exist due to regulations or agreements (i.e., clinical and market research).

PRINCIPLES OF THE PRIVACY FRAMEWORK

The AICPA/CICA’s Privacy Framework (2009) sets forth ten principles that form a comprehensive benchmark for defining the best privacy and security practices for personal information protection. Each principle is supported by objective, measurable criteria that form the basis for effective management of privacy risk and compliance in an organization.

CERTIFIED FORENSIC ACCOUNTANT (CR.FA)

To learn more about investigative accounting, fraud prevention and de-tection, and privacy protection, become a Certified Forensic Accountant (Cr.FA). For more information on the program and to enroll, go to www.acfei.com or call (800) 423-9737.


WWW.ACFEI.COM • (800) 592-1399C

E ART

ICLE

CE

ART

ICLE


4 PrinciPle 1: ManageMent The first component of GAPP requires a plan assigning accountability for privacy policies and procedures be established. The lines of accountability must be clearly defined, documented, and communicated throughout the organization, and it must be understood that an ap-propriately established privacy program is predicated on a good management infrastructure that supports the pri-vacy strategy. As set forth in GAPP, management should: 1. Design a privacy policy that defines and documents

the privacy policies in relation to the other nine prin-ciples of GAAP;

2. Communicate privacy policies and consequences of noncompliance to all internal personnel; and

3. Assign a person or group to manage the privacy pro-gram (AICPA/CICA, 2009). Additional detail design re-quirements are presented in Table 1.

4 PrinciPle 2: notice This principle requires that notice about an organiza-tion’s privacy policies and procedures be provided to both employees and customers (AICPA/CICA, 2009). This communication should also identify the purposes for which personal information is collected, used, retained, and disclosed. The privacy policy should ensure that cus-tomers are able to obtain the information they need to make informed decisions about their business relation-ships with the organization. For employees to meet their

responsibilities when responding to customer inquiries, GAPP indicates that they should know the name and title of the person accountable for the organization’s privacy program, the name, title, and address of the person to whom access requests should be sent, how individuals can access their personal information, and how individuals can file a complaint with the organization. Table 1 shows the specific criteria outlined in Principle 2.

4 PrinciPle 3: choice & consent This principle recognizes that individuals have a right to be provided with clear, conspicuous, readily available mechanisms to exercise their choice regarding the col-lection, use, and disclosures of their personal informa-tion (AICPA/CICA, 2009). An organization is obligated to inform and obtain permission from individuals before col-lecting or using their personal information for the purpose specified in the notice. The individual must voluntarily consent to allowing his/her personal information to be disclosed to a third party or used for a different purpose. In many instances, an organization may collect per-sonal information that is “sensitive” in nature, such as an individual’s medical condition. Whenever sensitive personal information is to be collected, the organization must give individuals an affirmative or explicit choice to opt-in or opt-out if the information is to be disclosed to a third party or used for a purpose other than that for which it was originally collected or subsequently autho-

Principle 1: Design procedures and con-trols to ensure:

• Reviewing and approving changes to the privacy policies and procedures.

• Compliance with applicable laws and regulations, and reviews and revisions are appropriately undertaken.

• Identification of the types of personal information and sensitive personal in-formation.

• A risk assessment process is used to es-tablish a risk baseline and identify new or changed risks to personal informa-tion.

• Commitments and relationships with other businesses entered into by the entity are consistent with its own pri-vacy policies and address any inconsis-tencies.

• Appropriate privacy infrastructure is put into place and developed, imple-mented, and maintained.

• A documented privacy incident and breach management program is estab-lished.

• Adequate resources to achieve the pri-vacy objectives are provided.

• Appropriate qualifications for person-nel responsible for protecting the pri-vacy and security of personal informa-tion are established.

• A privacy awareness program is estab-lished and specific training for selected personnel is provided.

• Change in the business and regula-tory environment that may affect the appropriateness of existing privacy policies and procedures are continually monitored and assessed.

Principle 2: The organization should:• Design a privacy policy that addresses

providing notice to individuals.• Communicate the notice to individuals.• Design procedures and controls to

ensure the notice is provided initially, when changes are made to the privacy policy, and when there are changes in usage of personal information.

• Design procedures and controls to en-

sure that an objective description of the entities and activities covered by the privacy policies and procedures is included in the privacy notice.

• Design procedures and controls to en-sure the use of clear and conspicuous language in the privacy notice.

Principle 3: An organization should de-sign choice and consent policies, proce-dures, and controls to:

• Address the choices available to indi-viduals and the consent to be obtained.

• Communicate to individuals the choices available to them regarding the collection, use, and disclosure of per-sonal information.

• Communicate to individuals the consequences of refusing to provide personal information or denying or withdrawing consent to use personal information.

• Ensure implicit or explicit consent ob-tained for the individual is confirmed and implemented.

TABLE 1: DETAIL REqUIREMENTS OF SELECTED PRINCIPLES


WWW.ACFEI.COM • (800) 592-1399C

E ART

ICLE

rized by the individual. Entities that fail to obtain proper consent before collecting, using, or disclosing personal information may be subject to legal liability or sanctions when the obligation to obtain consent is required by law or self-regulation. Consequently, consultants should con-sider asking the advice of counsel because of applicable legal or industry standards (AICPA/CICA, 2009). Table 1 lists the Choice and Consent principles that an organiza-tion should follow.

4 PrinciPle 4: collection The Collection Principle requires that an organization collect personal information only for the purposes identified in the notice (AICPA/CICA, 2009). It is pointed out that this practice precludes an organization from collecting personal information indiscriminately. The cri-teria presented in Principle 4 address issues relating to collection, communication, and documentation of con-fidential personal information. The detail requirements for designing privacy policies, procedures, and controls are show in Table 1.

4 PrinciPle 5: Use & Retention This principle requires that an organization should limit the use of personal information to the purposes iden-tified in the notice and for which the individual has provided implicit or explicit consent (AICPA/CICA, 2009). Moreover, personal information should be retained for

only as long as necessary to fulfill the stated purposes. Principle 5 provides a set of criteria that should be fol-lowed when developing a privacy policy relating to the use and retention of personal information. The following should be done:• Design privacy policies that address the use, retention,

and disposal of personal information• Communicate to individuals the use, retention, and

disposal policies of personal information• Design procedures and controls to ensure that the use

of personal information is only for purposes identi-fied in the notice and only if the individual has pro-vided consent, unless a law or regulation specifically requires otherwise

• Design procedures and controls to ensure that per-sonal information is retained for no longer than neces-sary to fulfill the stated purposes, unless a law or regu-lation specifically requires otherwise

• Design procedures and controls to ensure that per-sonal information no longer needed is anonymized, disposed of, or destroyed in a manner that prevents loss, theft, misuse, or unauthorized access (AICPA/CICA, 2009)

4 PrinciPle 6: access Providing individuals with access to their personal information for review, verification, and updating is one of the more critical privacy principles. Principle 6

• Obtain consent for new purposes and uses.

• Obtain explicit consent from the indi-vidual for sensitive information.

• Ensure consent is obtained before per-sonal information is transferred to or from an individual’s computer or other similar device.

Principle 4: An organization should de-sign collection policies, procedures, and controls to:

• Address the collection of personal in-formation.

• Communicate to individuals that per-sonal information is collected only for the purposes identified in the notice.

• Communicate to individuals the types of personal information collected and the methods of collection used.

• Document and describe the types of personal information collected and methods of collection in the privacy notice.

• Ensure methods of collection are re-viewed by management to confirm that personal information is obtained fairly and lawfully.

• Ensure management confirms that third parties from whom personal information is collected are reliable sources that collect information fairly and lawfully.

• Ensure individuals are informed if the entity develops or acquires informa-tion about them.

Principle 5: An organization should de-sign access policies, procedures, and con-trols to:

• Address providing individuals with ac-cess to their personal information.

• Communicate to individuals how they may obtain access to their personal in-formation to review, update, and cor-rect that information.

• Ensure individuals are able to deter-mine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information.

• Ensure the confirmation of individu-als’ identity before they are given ac-cess to that information.

• Ensure personal information is provid-ed to the individual in an understand-

able form, in a reasonable time frame, and at a reasonable cost.

• Ensure individuals are informed—in writing—of the reason for denial of access.

• Ensure individuals are able to update or correct personal information held by the entity. If practical and economi-cally feasible to do so, the entity pro-vides such updated or corrected infor-mation to third parties that previously were provided with the individual’s personal information.

• Ensure individuals are informed, in writing, about the reason a request for correction of personal information was denied, and how they may appeal.

Principle 6: An organization should de-sign disclosure policies, procedures, and controls to:

• Address the disclosure of personal in-formation to third parties.

• Communicate to individuals that per-sonal information is disclosed to third parties only for the purposes identi-fied in the notice. Only information for which the individual has provided


CE

ART

ICLE


specifically recognizes an individual’s right to access and a corresponding obligation of the organization to facilitate the individual’s right on request (AICPA/CICA, 2009). The forensic accountant should remember that an individual’s request for access to his/her personal information should always be documented, and the organization should respond to the request with due diligence and within a 30-day timeframe. Moreover, if there is a fee for processing an access request, the amount must be reasonable and communicated to the individual in a timely fashion. Table 1 lists what an organization should do when developing access policies, procedures, and controls.

4 PrinciPle 7: DisclosURe This GAPP principle requires that disclosure of per-sonal information to third parties should be for the purposes identified in the notice and only when the individual has given implicit or explicit consent (AICPA/CICA, 2009). In addition, the organization is ob-ligated to disclose personal information only to third parties who provide substantially equivalent protection as does the original organization. In those cases where the third party further transfers disclosed personal information, such transfers should be permitted only where the transfer is also subject to practices affording an adequate level of protection. GAPP indicates that an organization should accomplish several things relating to disclosure policies and procedures. Table 1 lists the GAPP requirements.

4 PrinciPle 8: secURity This GAPP principle requires an organization to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction (AICPA/CICA, 2009). Such information should be protected by physical, organizational, and technological measures that are ap-propriate to the sensitivity of the information. Significant harm can result to individuals if an organization does not have appropriate security measures in place to guard against unauthorized access; moreover, the organization can be held legally liable. Forensic accountants should recognize that the more sensitive the personal informa-tion, the greater the potential harm and need for increased security. Table 1 lists what an organization should do when developing security policies, procedures, and controls.

4 PrinciPle 9: QUalityThe quality principle requires that personal information that is collected, stored, and used should be accurate, complete, and relevant for the purposes identified in the notice (AICPA/CICA, 2009). Such personal informa-tion should be updated as needed to meet the identified purposes. This can be accomplished if the organization informs individuals of the existence, use, and disclosure of their personal information and provides access to that information to ensure its accuracy, completeness, and relevancy. The specific criteria outlined in GAPP regard-ing appropriate practice for ensuring information quality indicate that an organization should do the following:

consent should be disclosed, unless a law or regulation specifically allows or requires otherwise, and disclosure includes any limitation on the third party’s privacy practices and controls.

• Communicate the privacy policies or other specific instructions or require-ments for handling personal informa-tion to third parties to whom personal information is disclosed.

• Ensure personal information is dis-closed only for the purposes described

in the notice, and only information for which the individual has provided consent will be disclosed, unless a law or regulation specifically allows or re-quires otherwise.

• Ensure personal information is dis-closed only to third parties that have agreements with the entity to protect personal information in a manner con-sistent with the relevant aspects of the entity’s privacy policies or other spe-cific instructions or requirements.

• Ensure personal information is dis-closed to third parties for new purposes or uses only with the prior implicit or explicit consent of the individual.

• Ensure that the entity takes remedial action in response to misuse of per-sonal information by a third party to whom the entity has transferred such information.

Principle 7: An organization should de-sign security policies, procedures, and controls to:

• Address the security of personal infor-mation.

• Communicate to individuals the pre-cautions that are taken to protect per-sonal information.

• Ensure that a security program has been developed, documented, ap-proved, and implemented that in-cludes administrative, technical, and physical safeguards to protect personal information from loss, misuse, unau-thorized access, disclosure, alteration, and destruction.

• Ensure logical access to personal infor-mation is appropriately restricted.

• Ensure physical access to personal in-formation in any form is appropriately restricted.

• Ensure personal information, in all forms, is protected against accidental disclosure due to natural disasters and environmental hazards.

• Ensure personal information is pro-tected when transmitted by mail or other physical means. Personal infor-


WWW.ACFEI.COM • (800) 592-1399C

E ART

ICLE

• Design privacy policies that address the quality of per-sonal information

• Communicate to individuals that they are responsible for providing the entity with accurate and complete personal information and for contacting the entity if correction of such information is required

• Design procedures and controls that ensure personal information is accurate and complete for the purposes it will be used

• Design procedures and controls that ensure personal information is relevant to the purposes for which it is to be used (AICPA/CICA, 2009)

4 PrinciPle 10: MonitoRing & enfoRceMent The last GAPP principle focuses on an organization’s responsibility to monitor compliance with its privacy policies and procedures and to have procedures in place to address privacy-related inquiries, complaints, and disputes. Forensic accountants and their clients should recognize that individuals have a right to challenge an organization’s compliance with stated privacy policies and procedures. When challenges are made, the organization should explain its procedures and identify the various avenues of recourse available. GAPP provides specific, detailed instructions for monitoring and enforcement policies, procedures, and controls (AICPA/CICA, 2009). Table 1 lists these items.

Exceptions to Selected Privacy Principles Interestingly, the AICPA/CICA’s GAPP framework (2009) rec-ognizes that in certain instances it is appropriate for an orga-nization to breach privacy regarding personal information. Table 2 presents those instances set forth in GAPP where it is permissible to collect, use, and/or disclose personal infor-mation without the consent or knowledge of the individual. Clearly in those situations where the health and well-being of an individual is at stake and consent cannot be obtained on a timely basis, collection, use, and disclosure of personal information is appropriate. Also, in cases where the collection of an individual’s personal information with his or her knowledge can result in compromising the availability or accuracy of such information, obtaining the individual’s consent would not be appropriate. An example of this would be a criminal investigation. GAPP points out that an organization may collect, use, and/or disclose personal information without the individ-ual’s consent or knowledge if the information is solely for statistical, journalistic, artistic, literary, research, or scholarly purposes (AICPA/CICA, 2009). In all instances where per-sonal information is publicly available, there is no need to acquire an individual’s consent to utilize their information. Forensic accountants should note the massive authority possessed by government institutions to request personal information. “Disclosure” in Table 2 indicates that govern-ment organizations can request personal information, with or without the individual’s consent or knowledge, if it is needed in administering any federal or state program.

mation is collected and transmitted over the Internet, over public and other nonsecure networks and wire-less networks by deploying industry-standard encryption technology for transferring and receiving personal information.

• Ensure personal information stored on portable media or devices is protected from unauthorized access.

• Ensure tests of the effectiveness of the key administrative, technical, and physi-cal safeguards protecting personal infor-mation are conducted at least annually.

Principle 8: An organization should de-sign monitoring and enforcement poli-cies, procedures, and controls to:

• Address the monitoring and enforce-ment of privacy policies and procedures.

• Communicate to individuals how to contact the entity with inquiries, com-plaints, and disputes.

• Ensure a process is in place to address in-quiries, complaints, and disputes.

• Ensure every complaint is addressed and the resolution is documented and communicated to the individual.

• Ensure compliance with privacy poli-cies and procedures, commitments, and applicable laws, regulations, service-lev-el agreements, and other contracts is re-viewed and documented and the results of such reviews are reported to manage-ment. If problems are identified, reme-diation plans should be developed and implemented.

• Ensure instances of noncompliance with privacy policies and procedures are documented and reported, and, if needed, corrective measures are taken on a timely basis.

• Ensure ongoing procedures are per-formed for monitoring the effective-ness of controls over personal informa-tion, based on a risk assessment, and for taking timely corrective actions where necessary.

Source: AICPA/CICA’s GAPP Privacy Task Force, Generally Accepted Privacy Principles (2009)


CE

ART

ICLE


Collection:• Whenever collection is clearly in the

interests of the individual and consent cannot be obtained in a timely way.

• When it is reasonable to expect that the collection with the knowledge or consent of the individual would com-promise the availability or the accuracy of the information and the collection is reasonable for purposes related to in-vestigating a breach of an agreement or a contravention of federal or state law.

• The collection is solely for journalistic, artistic, or literary purposes.

• The information is publicly available.

Use:• If the use is clearly in the individual’s

interest and consent is not available in a timely way.

• If knowledge and consent would com-promise the availability or accuracy of the information, and collection were required to investigate a breach of an agreement or contravention of a fed-

eral or state law.• If the entity has reasonable grounds to

believe that information could be useful when investigating a contravention of a federal, state, or foreign law and the in-formation is used for that investigation.

• If there is an emergency that threatens the individual’s life, health, or security.

• If the use is for statistical or scholarly study or research.

• If the personal information is publicly available.

Disclosure:• To a lawyer representing the entity.• To collect a debt the individual owes

to the entity.• To comply with a law, a subpoena, a

warrant or an order made by a court or other body with appropriate juris-diction.

• To a government institution request-ing the information under lawful au-thority and indicating that disclosure is for the purpose of:

• Enforcing, carrying out an inves-tigation, or gathering intelligence relating to any federal, state, or for-eign law

• National security or the conduct of international affairs

• Administering any federal or state law

• If made by an investigative body for the purposes related to the investigation or a breach of an agreement or a contraven-tion of a federal or state law.

• In an emergency threatening an indi-vidual’s life, health, or security.

• For statistical purposes, scholarly study, or research, or to an archival in-stitution.

• Twenty years after the individual’s death or 100 years after the record was created.

• If publicly available.

Source: AICPA/CICA’s GAPP Privacy Task Force, Generally Accepted Privacy Principles 2009 (items from various GAPP principles)

TABLE 2: INSTANCES WHERE COLLECTION, USE, & DISCLOSURE OF PERSONAL INFORMATION WITHOUT CONSENT IS APPROPRIATE

CONCLUSIONOrganizations are coming under increased scrutiny when it comes to the safety of cus-tomer, patient, or employee personal infor-mation. Because such information is often stored on portable devices and dissemi-nated using Internet or wireless technology, unauthorized access to personal informa-tion has become easier than in past periods. Organizations must take special precautions to safeguard personal information that is in their care. Because of their training and skills, forensic accountants are in an excellent position to provide assistance to organiza-tions regarding the development of privacy policies and procedures that promote the safety and confidentiality of personal infor-mation and can assist with monitoring the system of safeguards to ensure their contin-ued effectiveness. The AICPA/CIAC’s GAPP offers guidance and best practices for designing and imple-menting a sound privacy program. Using GAPP, forensic accountants can provide ad-vice to their clients about privacy issues and risks and can assist in developing and imple-menting a good privacy protection program. Consequently, forensic accountants who are interested in expanding their practice by of-

WALTER A. ROBBINS, DBA, CPA, CR.FA, CFFDr. Robbins earned a Doctor of Business Administration (DBA) from the University of Tennessee and a Master of Accountancy from Virginia Tech. He is a Certified Public Accountant (CPA), a Certified Forensic Accountant (Cr.FA), and he has earned the credential of Certified in Financial Forensics (CFF) by the American Institute of Certified Public Accountants. He is the Roddy-Garner Professor of Accounting in the Culverhouse School of Accountancy at

the University of Alabama. He holds membership in the American College of Forensic Examiners International, the Government Finance Officers Association, the American Institute of Certified Public Accountants, and the American Accounting Association. Dr. Robbins has written extensively on accounting and financial reporting issues and his research has appeared in a number of academic and professional journals. He is also a partner in the firm of Financial Forensics Consulting Group, LLC.

ABOUT THE AUTHOR

fering assistance in the area of privacy risk are encouraged to become familiar with the provisions of the AICPA/CIAC’s GAPP in order to better assist their clients.

REFERENCESAmerican Institute of Certified Public Accountants

and Canadian Institute of Chartered Accountants (Updated 2009). AICPA/CICA Privacy Task Force,

Generally Accepted Privacy Principles. Retrieved from http: www.aicpa.org/privacy

Japsen, B. (2009, October 14). Blue cross warns doctors about stolen identification data. Chi-cago Tribune. Retrieved from http://archives.chicagotribune.com/2009/oct/14/business/chi-biz-doctors-identification-stolen

Rosencrance, L. (2006, December 14). Boeing laptop with data on 382,000 employees stolen. Computer-world. Retrieved from http://www.computerworld.com/s/article/9006098/Boeing_laptop.pdf n


The Forensic Examiner (Sample) - Summer 2011

Documents

Transcript of The Forensic Examiner (Sample) - Summer 2011