Data Privacy: An Ethical Primer Primarily Pertaining to the PAIB’s and PAPP’s POV
Eric E. Cohen, Cohen Computer Consulting
Centre for Accounting Ethics and CPA Canada present the 4th Ethics Symposium "The Impact of Technology on Ethics, Professionalism and Judgment in Accounting"
April 25-26, 2019, CPA Canada, 277 Wellington St. W., Toronto
The risk of inadvertent exposure of confidential information is increasing
We are being monitored as never before
• Location (geo-location)
• Activity at the mouse movement level, time on a page, etc.
• What we say
• Our image and photos
• We are being analyzed
• Our systems are being hacked
• Our communication is being intercepted
• All of this is being monetized
Focus on giving hackers a “pass”
• Starwood passports
• Facebook plain-text passwords
• Passengers on airplanes with webcams on screens
The Issues Are Not New
• If I know you are an accountant and I know where you are, what you are doing, what you have with you, or anything else, I can potentially take advantage of that
• What we say in the mail, on the phone, in a fax, in a text message, in an email, on an answering machine/voicemail, in a webcast/teleconference or any other “non-secure” channel is vulnerable
• Malware, trojans, infected USB, keystroke loggers, snooping Wi-Fi hotspots
• Our location (407 ETR, Speedpass, E-ZPass, cell towers, credit card charges) can be used against us and our clients
• “Please be aware that e-mail communication can be intercepted in transmission or misdirected. Please consider communicating any sensitive information by telephone, fax, or mail. The information contained in this message may be privileged and confidential. If you are NOT the intended recipient, please notify the sender immediately with a copy to privacy.security@computercpa.com and destroy this message.”
Data Privacy, Emerging Technologies and Ethics, Professionalism, Judgement
• Privacy and confidentiality backgrounder
• History of inadvertent exposure
• Role of emerging technologies (good news, bad news)
Questions …
• How might emerging accounting and audit technologies impact the practitioner's ethical responsibilities regarding data privacy?
• Do principles like "Privacy by Design" (https://lnkd.in/euSSPtx) have application?
• Can blockchain help, with the possibilities of pseudonymity and zero-knowledge proofs, or hinder with "immutability" and ease of entry?
• And is a decentralized blockchain a "third party service provider" as referenced in the AICPA Code of Professional Conduct?
• If neither AICPA nor IESBA includes "privacy" in their codes of ethics/conduct, but reference "confidentiality", do we care about the difference between privacy and confidentiality (and anonymity)?
• Twenty years ago, Scott McNealy, founder of Sun Microsystems, was quoted saying "You have zero privacy anyway, ... Get over it." How far have we come in twenty years, and what responsibilities do we as a profession have related to data privacy?
Privacy and Confidentiality Backgrounder
“There is no security patch for human gullibility.”
Privacy and Confidentiality Backgrounder
Confidentiality (generally applies to data)
• An ethical duty
• Dealing with private/personal information shared with the professional accountant that generally cannot be divulged to third parties without the express consent of the client
• Shared because the professional accountant is in a position to help the client by collecting and analyzing otherwise private information
Privacy (generally applies to the person or entity)
• A right rooted in common law
• “The right to be let alone”
• Dealing with freedom from intrusion into one's personal matters, and personal information
• The individual’s right to keep his or her data to himself or herself; the individual not being recorded or monitored
Anonymity
• Information is recorded in a manner where the information cannot be associated with the subject who provided it
For PAIB and PAPPs: Privacy vs Confidentiality
AICPA Code of Ethics
• The word “privacy” does not appear
• The word “confidentiality” appears 19 times
• The word “confidential” appears > 100 times
International Code of Ethics
• The word “privacy” does not appear
• The word “confidentiality” appears 27 times
• The word “confidential” appears 25 times
Ethics: Five Fundamental Principles
• Integrity – to be straightforward and honest in all professional and business relationships.
• Objectivity – not to compromise professional or business judgments because of bias, conflict of interest or undue influence of others.
• Professional Competence and Due Care – to: (i) Attain and maintain professional knowledge and skill at the level required to ensure that a client or employing organization receives competent professional service, based on current technical and professional standards and relevant legislation; and (ii) Act diligently and in accordance with applicable technical and professional standards.
• Confidentiality – to respect the confidentiality of information acquired as a result of professional and business relationships.
• Professional Behavior – to comply with relevant laws and regulations and avoid any conduct that the professional accountant knows or should know might discredit the profession.
https://www.ethicsboard.org/system/files/publications/files/IESBA-Handbook-Code-of-Ethics-2018.pdf
Third-Party Service Providers
• Is a decentralized blockchain a Third Party Service Provider?
Watching, Listening, AI
• Zoom in and enhance is real
• Content on photos, information in the background
• Personal email, unauthorized groupware
• “Five things about me” on social media vs account challenge responses
• Geotagging on pictures, check-ins at places of business
• Permissions: sharing of contacts on phone/pad/PC
• Reply vs Reply All
• Google Assistant vs Siri vs Bixby vs Amazon Alexa vs Cortana
Privacy by Design? ISO/TC 317
7 Foundational Principles of Privacy by Design
• Proactive not Reactive; Preventative not Remedial
• Privacy as the Default
• Privacy Embedded into Design
• Full Functionality – Positive-Sum, not Zero-Sum
• End-to-End Lifecycle Protection
• Visibility and Transparency
• Respect for User Privacy
http://www.ontla.on.ca/library/repository/mon/25008/312239.pdf
Laws
• GDPR
• California Consumer Privacy Act (1/2020)
• A patchwork of regional laws
Technology: Has potential to improve or exacerbate
• Cloud
• Big Data
• Artificial Intelligence
• Blockchain
• Pseudonymity
• Consensus
• Zero-knowledge proofs
• Analytics and privacy can co-exist?
• Smart contracts, the compliance blockchain
• Tokens
Issues
• Total surveillance, impenetrable lawlessness, or something in between
• Fairness vs racial, gender and other bias
• Observation changes behavior
• Dejanews, Wayback Machine at archive.org
• Industrialization of data
• Blockchain’s “immutability”
• Law and your identity may not be your own
• Control over data – can others obtain/delete
• Google listings by businesses – “closed” when they are not
• Right to erasure, right to rectification and the principle of data minimization
• Distributed ledger, distributed liability? Difference between developer of blockchain that becomes decentralized and the decentralized blockchain over which no one person has control?
What’s the App Peel?
This app has access to:
Device & app history
• retrieve running apps
Identity
• find accounts on the device
Calendar
• read calendar events plus confidential information
• add or modify calendar events and send email to guests without owners' knowledge
Contacts
• find accounts on the device
• read your contacts
• modify your contacts
Location
• approximate location (network-based)
• precise location (GPS and network-based)
• access extra location provider commands
Phone
• directly call phone numbers
• read phone status and identity
• make/receive SIP calls
• add voicemail
Photos/Media/Files
• read the contents of your USB storage
• modify or delete the contents of your USB storage
Storage
• read the contents of your USB storage
• modify or delete the contents of your USB storage
Camera
• take pictures and videos
Microphone
• record audio
Wi-Fi connection information
• view Wi-Fi connections
Device ID & call information
• read phone status and identity
Wearable sensors/Activity data
• body sensors (like heart rate monitors)
Other
• power device on or off
• read sync statistics
• adjust your wallpaper size
• transmit infrared
• receive data from Internet
• view network connections
• pair with Bluetooth devices
• access Bluetooth settings
• send sticky broadcast
• change network connectivity
• allow Wi-Fi Multicast reception
• connect and disconnect from Wi-Fi
• disable your screen lock
• expand/collapse status bar
• measure app storage space
• full network access
• close other apps
• change your audio settings
• control Near Field Communication
• read sync settings
• run at startup
• reorder running apps
• set time zone
• set wallpaper
• draw over other apps
• prevent device from sleeping
• modify system settings
• toggle sync on and off
• set an alarm
• install shortcuts
• uninstall shortcuts
About Your Speaker
Eric E. Cohen, Cohen Computer Consulting
Website: http://www.computercpa.com
E-mail: eric.e.cohen@computercpa.com
Phone: +1-559-4-XBRL-GL (+1-559-492-7545)
Eric Cohen is a co-founder of XBRL and the chief architect of its initial standardization work in transactional and detailed data space: the Global Ledger (XBRL GL). He serves as a Domain Coordinator for the United Nations CEFACT Accounting and Audit Domain. As a US and Canadian national Expert to ISO standardization projects in Audit Data Collection and Blockchain and Distributed Ledger Technologies, he hopes to facilitate the development of continuous audit, the establishment of the electronic, seamless audit trail, and building the foundations for auditing in a Blockchain/Distributed Ledger environment. His consultancy, Cohen Computer Consulting, began in 1992 to help organizations cope with, and benefit from, accounting and audit technology. Cohen Computer Consulting was one of the original 13 organizations that started XBRL. After a brief 17 year hiatus, he is now again focusing on accounting software implementations, as well as Audit Data Standards, Blockchain, Continuous Audit, Data Level Assurance and XBRL. As he is fond of saying, “At Cohen Computer Consulting, we turn ‘computerese’ into ‘computer-ease’”. As an internationally recognized author, speaker, teacher, and trainer on standardization and AuditTech, Mr. Cohen looks forward to helping your organization in its exploration of accounting and audit technology. Mr. Cohen is a member of the American Institute of Certified Public Accountants and the New York State Society of Certified Public Accountants.
Resources
• AICPA Code of Professional Ethics
  https://www.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014december15contentasof2016august31codeofconduct.pdf
• International Code of Ethics for Professional Accountants (including International Independence Standards)
  https://www.ifac.org/system/files/publications/files/Final-Pronouncement-The-Restructured-Code_0.pdf
Data Privacy
• Confidentiality – to respect the confidentiality of information acquired as a result of professional and business relationships. (IESBA CoE 110.1 A1.(d))
[Diagram: data flows for the two practitioner roles]
PAIB (Professional Accountants in Business): Employer, Employees, Customers, Vendors, Business partners
• Tech stack: Mail, Phone, Fax, email, web portal, video/still cameras, mobile apps, third party service provider
PAPP (Professional Accountants in Public Practice): Client’s data, Client data, Interactions with clients; Employer, Employees, Customers, Vendors, Business partners
• Tech stack: Mail, Phone, Fax, email, web portal, video/still cameras, mobile apps, third party service provider
Third party service provider
• Tech stack: Mail, Phone, Fax, email, web portal, video/still cameras, mobile apps, third party service provider