The Forensic Examiner (Sample) - Summer 2011 by CNTA, Inc.

p.74

LT. COLONEL DAVE GROSSMAN p.60

INTERNATIONALLY RECOGNIZED SCHOLAR, AUTHOR, SOLDIER, AND SPEAKER

an fbi

p.22

visionary profile of howard teten

p.48

$7.50 U.S./$9.50 CAN

GEAR UP FOR THE NETWORKING EVENT OF THE YEAR!

BRANSON, MO OCTOBER 12–14 SIGN UP NOW!

p.28

MIRANDA RIGHTS REVISITED Summer 2011 THE FORENSIC EXAMINER®

ACFEI0211EX

ACHIEVE NEW GOALS. LEARN NEW JOB SKILLS. GROW YOUR PASSION.

The American College of Forensic Examiners Institute速 provides the latest in certified training. We offer a range of online forensic credentials from Certified Forensic Nurse, CFN速 to Certified Forensic Accountant, CrFA速. Check out our online catalog for a complete list of the certifications we offer from all our associations. 02

THE FORENSIC EXAMINER速 Summer 2011

1-800-423-9737

www.ACFEI.com

Are you curious about the interconnected fields of forensic science and law? Do you lack the time to invest in a degree program and/or to study on-site? Does the idea of the world's greatest experts reaching you online interest you?

the certificate in forensic Science and law

Then consider

Established at the renowned Cyril H. Wecht Institute of Forensic Science and Law in 2002, this unique course of study investigates the promise and the possibilities that modern science brings to our pursuit of truth and justice in criminal, civil, and family legal proceedings. It is a program that convenes professionals from a variety of disciplines to expand our collective and individual understanding of the many ways in which this goal can be achieved. • Online delivery brings videotaped lectures, AV materials and discussion groups to your home • Supplemental live sessions include Crime Scene Investigation, Interrogations and a Trial • Options include the 12-credit undergraduate certificate or the 18-credit graduate certificate

NOw acceptiNg applicatiONS fOr the 2011-2012 academic year. For more information, contact the Institute at wechtinstitute@duq.edu or 412-396-1330. Or visit us online at

www.duq.edu/forensics. Summer 2011 THE FORENSIC EXAMINER®

ABFSW0211EX

THE FORENSIC EXAMINER速 Summer 2011

Summer 2011 THE FORENSIC EXAMINER速

TABLE OF CONTENTS

CONTENTS 48

2011 EXECUTIVE SUMMIT 50 51 52 06

SCHEDULE AT A GLANCE HOTEL & CONVENTION CENTER CONFERENCE SCHEDULES

THE FORENSIC EXAMINER速 Summer 2011

60 62 63

KEYNOTE SPEAKERS CREDENTIALING OPPORTUNITIES REGISTRATION FORM

WWW.ACFEI.COM • (800) 592-1399

VOLUME 20 • NUMBER 2 • SUMMER 2011

IN THIS ISSUE 78

THE DETECTIVE’S CORNER: CUT AND DRIED

79 80 81 86 87

FALSELY ACCUSED PRODUCT REVIEWS BOOK REVIEWS NEW MEMBERS

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Tool for Forensic Accountants

HOWARD TETEN: An FBI Visionary

28 64 70

MIRANDA REVISITED

WHOSE FIRE SCENE IS THIS ANYWAY?

A TERRIBLE THING TO DO REVISITING THE INTEGRATION OF FORENSIC ACCOUNTING AND THE AUDITING PARADIGM

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES

CE TEST PAGES

HOWARD TETEN: AN FBI VISIONARY

TABLE OF CONTENTS

MIRANDA REVISITED

FEATURES

Summer 2011 THE FORENSIC EXAMINER®

BOARDS

2011 EDITORIAL ADVISORY BOARD Nicholas G. Apostolou, DBA, DABFA, CPA, Cr.FA Larry Barksdale, BS, MA E. Robert Bertolli, OD, FACFEI, CHS-V, CMI-V Kenneth E. Blackstone, BA, MS, CFC, DABFE David T. Boyd, DBA, CPA, Cr.FA, CMA Jules Brayman, CPA, CVA, DABFA, FACFEI John Brick, PhD, MA, DABFM, FACFEI Richard C. Brooks, PhD, CGFM, DABFE Dennis L. Caputo, MS, DABFET, CHMM, FACFEI Dennis H. Chevalier, BS, MSM, DM, CMI David F. Ciampi, PhD, FACFEI, DABPS Larry Crumbley, PhD, CPA, DABFE, Cr.FA Andrew N. Dentino, MD, FACFEI, DABFE, DABFM James A. DiGabriele, PhD/DPS, CPA, Cr.FA, FACFEI John Shelby DuPont Jr., DDS, DABFD Scott Fairgrieve, Hons. BSc, MPhil, PhD, FAAFS Edmund D. Fenton, DBA, CPA, CMA, Cr.FA Per Freitag, PhD, MD, FACFEI, DABFM L. Sue Gabriel, MSN, MFS, EdD, RN Nicholas Giardino, ScD, FACFEI, DABFE David H. Glusman, CPA, DABFA, Cr.FA, FACFEI Ron Grassi, DC, FACFEI, DABFM, DABFE Richard C. W. Hall, MD, FACFEI, DABFM, DABFE John J. Haberströh, DC, CFC, CMI-V, FACFEI Raymond F. Hanbury, PhD, ABPP, FACFEI, DABFE David L. Holmes, EdD, FACFEI, DABFE, DABPS Leo L. Holzenthal Jr., PE, DABFET, FACFEI Linda Hopkins, PhD, CFC, DABPS, DABRE Edward J. Hyman, PhD Zafar M. Iqbal, PhD Nursine S. Jackson, MSN, RN, DABFN Robert S. Kassoff, PhD, DABPS, DACFM, DABFE Philip Kaushall, PhD, DABFE, DABPS, FACFEI Eric Kreuter, PhD, CPA, DABFA, FACFEI Ronald G. Lanfranchi, DC, PhD, CMI-IV, FACFEI Richard Levenson, Jr., PsyD, DABFE, DABPS, FACFEI Monique Levermore, PhD, FACFEI, DABPS

Jonathan Lipman, PhD, FACFEI, DABFE, DABPS Judith Logue, PhD, FACFEI, DABFSW, DABPS Mike Meacham, PhD, LCSW, DABFSW, FACFEI David Miller, DDS, FACFEI, DABFE, DABFD Leonard I. Morgenbesser, PhD, FACFEI Jacques Ama Okonji, PhD, FACFEI, DABFE, DABPS Norva E. Osborne, OD, CMI-III George Palermo, MD, PhD, FACFEI, DABFM Ronald J. Panunto, PE, CFC, CFEI, DABFET Larry H. Pastor, MD, FACFEI, DABFE, DABFM Theodore G. Phelps, CPA, DABFA Marc Rabinoff, EdD, FACFEI, DABFE, CFC Jerald H. Ratner, MD, CFP, PA Harold F. Risk, PhD, DABPS, FACFEI Susan P. Robbins, PhD, LCSW, DABFSW Walter A. Robbins, DBA, CPA/CFF, Cr.FA Jane R. Rosen-Grandon, PhD, DABFC, FACFEI Douglas Ruben, PhD, FACFEI, DABFE, DABPS J. Bradley Sargent, CPA, Cr.FA, DABFA, FACFEI William Sawyer, PhD, FACFEI, DABFE, DABFM Howard A. Shaw, MD, DABFM, FACFEI Ivan Sosa, MD Henry A. Spiller, MS, DABFE, FACFEI Marilyn J. Stagno, PsyD, RN, FACFEI Richard I. Sternberg, PhD, DABPS James R. Stone, MD, MBA, CHS-III, CMI-IV George S. Swan, JD William A.Tobin, MA, DABFET, DABLEE, FACFEI Robert Tovar, BS, MA, DABFE, DABPS, CHS-III Brett C.Trowbridge, PhD, JD, DABPS, FACFEI Richard A.Vera II, PI, MBA, CPA, CFE Sandy Weiss, BS, BCEP Patricia A. Wallace, PhD, FACFEI, DABFE, DABFM, CFC Raymond Webster, PhD, FACFEI, DABFE, DABFM Dean A. Wideman, MSc, MBA, CFC, CMI-III *Note: For spacing and consistency considerations, the number of designations listed has been limited to four.

ACFEI EXECUTIVE ADVISORY BOARD CHAIR Cyril H. Wecht, MD, JD, FACFEI, CFP; Chair, American Board of Forensic Medicine MEMBERS Douglas Wayne Beal, MD, MSHA, CMI-V, CFP; Chair, American Board of Forensic Exmainers Alexander Lamar Casparis, CPA, MBA, Cr.FA, FACFEI; Chair, American Board of Forensic Accounting Dianne Ditmer, MS, RN, CFN, FACFEI; Chair, American Board of Forensic Nursing Douglas E. Fountain, PhD, LCSW, DABFE, DABFSW; Chair, American Board of Forensic Social Workers Raymond H. Hamden, PhD, FACFEI, CFC, CMI-V, Chair, American Board of Psychological Specialties James H. Hutson, DDS, CMI-V; Chair, American Board of Forensic Dentistry Marilyn J. Nolan, MS, FACFEI, DABFC; Chair, American Board of Forensic Counselors Gregg M. Stuchman; Chair, American Board of Recorded Evidence

CONTINUING EDUCATION ACFEI provides continuing education credits for accountants, nurses, physicians, dentists, psychologists, counselors, social workers, and marriage and family therapists.

The American College of Forensic Examiners International (ACFEI) does not endorse, guarantee, or warrant the credentials, work, or opinions of any individual member. Membership in ACFEI does not constitute the grant of a license or other licensing authority by or on behalf of the organization as to a member’s qualifications, abilities, or expertise. The publications and activities of ACFEI are solely for informative and educational purposes with respect to its members. The opinions and views expressed by the authors, publishers, or presenters are their sole and separate views and opinions and do not necessarily reflect those of ACFEI, nor does ACFEI adopt such opinions or views as its own. The American College of Forensic Examiners International disclaims and does not assume any responsibility or liability with respect to the opinions, views, and factual statements of such authors, publishers, or presenters, nor with respect to any actions, qualifications, or representations of its members or subscriber’s efforts in connection with the application or use of any information, suggestions, or recommendations made by ACFEI or any of its boards, committees, publications, resources, or activities thereof. The Forensic Examiner® (ISSN 1084-5569) is published quarterly by The American College of Forensic Examiners International, Inc. (ACFEI). Annual membership for a year in the American College of Forensic Examiners International is $165. Abstracts of articles published in The Forensic Examiner® appear in National Criminal Justice Reference Service, Cambridge Scientific Abstracts, Criminal Justice Abstracts, Gale Group Publishing’s InfoTrac Database, e-psyche database, and psycINFO database. Periodicals Postage Paid at Springfield, Missouri, and additional mailing offices. © Copyright 2011 by the American College of Forensic Examiners International. All rights reserved. No part of this work can be distributed or otherwise used without the express written permission of the American College of Forensic Examiners International. The views expressed in The Forensic Examiner® are those of the authors and may not reflect the official policies of the American College of Forensic Examiners International. CONTACT US: Publication, editorial, and advertising offices of ACFEI, 2750 East Sunshine Street, Springfield, MO 65804. Phone: (800) 592- 1399, Fax: (417) 881- 4702, E-mail: editor@acfei.com. Subscription changes should be sent to ACFEI, 2750 East Sunshine, Springfield, MO 65804. POSTMASTER: Send address changes to American College of Forensic Examiners International, 2750 East Sunshine Street, Springfield, MO 65804.

FOUNDER AND PUBLISHER: Robert L. O’Block, MDiv, PhD, PsyD, DMin (rloblock@aol.com) EDITOR: Amanda Kyger (amanda.kyger@acfei.com) MEMBER SERVICES: Candice Sickman (candice@acfei.com) EXECUTIVE ART DIRECTOR: Brandon Alms (brandon@acfei.com) ICBS CAO: Tanja O’Block (tanja@acfei.com) ANNALS® EDITOR: Laura Johnson (laura@americanpsychotherapy.com) INSIDE HOMELAND SECURITY® EDITOR: Trysta Herzog (trysta@abchs.com) ADVERTISING: Amanda Kyger (amanda.kyger@acfei.com) (800) 423-9737, ext. 116

THE FORENSIC EXAMINER® Summer 2011

Approvals for continuing education activities are subject to change. For the most up-to-date status, please check the course catalog on our Web site, www.acfei.com, or contact the Continuing Education staff toll-free at (800) 423-9737. ACFEI is an approved provider of Continuing Education by the following: Accreditation Council for Continuing Medical Education National Association of State Boards of Accountancy National Board for Certified Counselors California Board of Registering Nursing American Psychological Association California Board of Behavioral Sciences Association of Social Work Boards American Dental Association (ADA CERP) The Missouri Sheriff’s Association co-sponsors Police Officer Standards Training (POST) accreditation for the American College of Forensic Examiners Institute’s activities. The American College of Forensic Examiners Institute is a member of the National Certification Commission and the Alliance for Continuing Medical Education. The Ethics Course, Law Course, Evidence Course, Certified Medical SM Investigator®, Certified in Disaster Preparedness , Certified Forensic Accountant, Cr.FA®, and the Certified in Homeland Security, CHS ® Levels I–V are all approved for the G.I. Bill benefits.

WWW.ACFEI.COM • (800) 592-1399

ACFEI EXECUTIVE ADVISORY BOARDS American Board of Forensic Accounting

CHAIR Alexander Lamar Casparis, CPA, MBA, Cr. FA, FACFEI MEMBERS Stewart L. Appelrouth, CPA, CFLM, Cr.FA, FACFEI Gary Bloome, CPA, Cr.FA D. Larry Crumbley, PhD, CPA, DABFA, Cr.FA James A. DiGabriele, PhD/DPS, CPA, Cr.FA, FACFEI Michael W. Feinberg, CPA, Cr.FA Michael G. Kessler, Cr.FA, CICA, FACFEI, DABFA Eric A. Kreuter, PhD, CPA, FACFEI, DABFA Robert K. Minniti, CPA, MBA, Cr.FA J. Bradley Sargent, CPA, CFS, Cr.FA, FACFEI Joseph F. Wheeler, CPA, Cr.FA, CHS-III, CFF

American Board of Forensic Counselors

CHAIR Marilyn J. Nolan, MS, FACFEI, DABFC, DABCIP Chair Emeritus: Dow R. Pursley, EdD, FACFEI, DABFC MEMBERS George Bishop, LPC, LAT, FACFEI, DABFE Laura W. Kelley, PhD, LPC, DABFC, FACFEI William M. Sloane, JD, LLM, FACFEI, CHS-III

MEMBERS Cam Cope, BS, DABFET, DABFE Robert K. Kochan, BS, FACFEI, DABFET, DABFE J.W. “Bill” Petrelli Jr., DABFET, CFC, AIA, FACFEI Max L. Porter, PhD, DABFET, CFC, FACFEI

American Board of Forensic Medicine

CHAIR Cyril H. Wecht, MD, JD, FACFEI, CFP

MEMBERS Douglas Wayne Beal, MD, MSHA, CMI-V, CFP Zhaoming Chen, MD, PhD, MS, CFP John A. Consalvo, MD, DABFE, DABFM, FACFEI Louis W. Irmisch III, MD, FACFEI, CMI-V, CFP E. Rackley Ivey, MD, FACFEI, CMI-V, CFP Lawrence Lavine, DO, MPH, CHS-V, CMI-V Kenneth A. Levin, MD, CFP, FACFEI, DABFM E. Franklin Livingstone, MD, CFP, FACFEI, DABFM Manijeh K. Nikakhtar, MD, CFP, MPH, CMI-V Matthias I. Okoye, MD, MSc, JD, FRCP John R. Parker, MD, FACFEI, DABFM, CFP Jerald H. Ratner, MD, DABFE, DABFM, FACFEI S. Sandy Sanbar, MD, PhD, JD, FCLM Gene Unger, MD, JD, FACFEI, DABFM

American Board of Forensic Nursing

American Board of Forensic Dentistry

CHAIR Dianne T. Ditmer, MS, RN, CFN, CHS-III

MEMBERS Bill B. Akpinar, DDS, CMI-V, FACFEI, DABFD Stephanie L. Anton-Bettey, DDS, CMI-V Susan Bollinger, DDS, CMI-IV, CHS-IV Chester B. Kulak, DMD, CMI-V, CFC, DABFD

MEMBERS Heidi H. Bale, RN, BSN, CFN Marilyn A. Bello, RNC, MS, CFN, CMI-IV Cynthia J. Curtsinger, RN, CFN Linda J. Doyle, RN, CLNC, CFN, CMI-III L. Sue Gabriel, EdD, MSN, RN, CFN Diane L. Reboy, MS, RN, CFN, FACFEI Sharon L. Walker, MPH, PhD, RN, CFN Carol A. Wood, RN, CFN, BS, NHA

CHAIR James H. Hutson, DDS, CMI-V, FACFEI Chair Emeritus: Brian L. Karasic, DMD, MBA, DABFD, CMI-III

MEMBERS Jess P. Armine, DC, FACFEI, DABFE, DABFM Ronna F. Dillon, PhD, DABFE, DABPS, CMI-V, CHS-III Bruce H. Gross, PhD, JD, MBA, FACFEI Darrell C. Hawkins, MS, JD, FACFEI, CMI-V Michael W. Homick, PhD, DABCHS, CHS-V John L. Laseter, PhD, FACFEI, CMI-IV, CHS-III Lawrence Lavine, DO, MPH, CHS-V, CMI-V Leonard K. Lucenko, PhD, FACFEI, DABFE, CPSI Marc A. Rabinoff, EdD, FACFEI, DABFE, CFC Janet M. Schwartz, PhD, FACFEI, DABFE, CHS-V

American Board of Forensic Engineering and Technology

CHAIR Ben Venktash, DABFET, DABFE, FRSPH(UK), FIET(UK) VICE CHAIR George C. Frank, CFC, DABFE, FACFEI

American Board of Forensic Social Workers

CHAIR Douglas E. Fountain, PhD, LCSW, DABFE, DABFSW

MEMBERS Peter W. Choate, PhD, BA, MSW, DABFSW, DABFE Tina Jaeckle, PhD, LCSW, MFSW, CFC Michael G. Meacham, PhD, LCSW, DCSW, DABFSW Kathleen Monahan, DSW, MSW, CFC, DABFE Susan P. Robbins, PhD, LCSW, DCSW, DABFSW Steven J. Sprengelmeyer, MSW, MA, FACFEI, DABFSW

American Board of Psychological Specialties

CHAIR Raymond H. Hamden, PhD, FACFEI, CFC, CMI-V CHAIR EMERITUS Raymond F. Hanbury, PhD, FACFEI, DABPS, DABFE

American Board of Recorded Evidence

CHAIR Gregg M. Stutchman

MEMBERS Ernst F.W. Alexanderson, BA, MBA, FACFEI, DABRE Eddy B. Brixen, DABFET Charles K. Deak, BS, CPC, DABFE, DABRE Ryan O. Johnson, BA, DABFE, DABRE Michael C. McDermott, JD, DABRE, DABFE, FACFEI Jennifer E. Owen, BA, DABRE, DABFE Thoomas J. Owen, BA, FACFEI, DABRE, CHS-V Lonnie L. Smrkovski, BS, DABRE, DABFE, FACFEI

American Board of Registered Investigators

MEMBERS Kenneth E. Blackstone, MS, CFC, DABFE H. Scott Brown, MS, RS, RI Ron Carroll, BS Eric Lakes, CHS-III, CLWE, MCSE Lt. David Millsap, RI, CMI-III Joseph A. Juchniewicz, MA, SSI, CHS-III, RI Richard A. Vera, II, MBA, CPA Cyril H. Wecht, MD, JD, CFP, FACFEI Claude E. Wells, BA, RI

Executive Advisory Board of the International College of the Behavioral Sciences

CHAIR Janet M. Schwartz, PhD, FACFEI, DABFE, CHS-V BOARD SECRETARY Steven Crimando

MEMBERS Mike Baer, PhD Duane L. Dobbert, PhD, FACFEI Sue Gabriel, EdD, RN, CFN Mark L. Goldstein, PhD Raymond H. Hamden, PhD, FACFEI, CFC, CMI-V Janice L. Hargrave, MEd, CFC David L. Holmes, EdD Tina Jaeckle, PhD, LCSW, MFSW, CFC Gary Kesling, PhD., LMFT, LPC, DAPA Lon Kopit, PsyD, LPC, BCPC Carl J. Patrasso, PsyD Katherine Ramsland, PhD, CMI-V Jerald H. Ratner, MD, CFP Doug Ruben, PhD Ronald M. Ruff, PhD

BOARDS

American Board of Forensic Examiners

CHAIR Douglas Wayne Beal, MD, MSHA, CMI-V, CFP

Ronna F. Dillon, PhD, DABPS, CMI-V, CHS-III Carl N. Edwards, PhD, JD, FACFEI, DABPS Helen D. Pratt, PhD, FACFEI, DABPS Douglas H. Ruben, PhD, FACFEI, DABPS, DABFE Richard M. Skaff, PsyD, DABPS Charles R. Stern, PhD, DABPS, FACFEI, CMI-V Joseph C. Yeager, PhD, DABFE, DABPS, FACFEI Donna M. Zook, PhD, DABPS, CFC

MEMBERS Carol J. Armstrong, PhD, LPC, DABPS Robert J. Barth, PhD, DABPS

Summer 2011 THE FORENSIC EXAMINER®

ACFEI NEWS

ACFEI NEWS and announcements REGISTER FOR THE 2011 EXECUTIVE SUMMIT Register now before August 1 to receive the early bird rate for the 2011 Executive Summit held October 12-14! For a detailed schedule of events, information about Branson, presenter highlights, and the registration form, look to the Executive Summit section beginning on page 48 of this issue.

ACFEI NEWS

EDITORIAL ADVISORY BOARD MEMBERS WANTED

The Forensic Examiner is seeking editorial advisory board members with varied areas of expertise in forensics to peer-review manuscripts for the journal. Send your résumé/curriculum vitae to editor@acfei.com to apply for an editorial advisory board position.

REGISTERED INVESTIGATOR: OPEN-SOURCE Get published as a course author today by submitting a module for inclusion in the Registered Investigator®, RI® Program. RI® is the world’s first open-source certification program, which means you can submit an idea for a module simply by filling out the form online. Once received, ACFEI staff will forward your proposal to a committee of members on the American Board of Registered Investigators for approval. We currently pay $500 for a 4,000-word completed module submitted in accordance with our course submission guidelines. For more information, visit the RI Web site at www.acfei.com/risubmit.

THE FORENSIC EXAMINER® Summer 2011

COLD CASE SUBMISSIONS

We are pleased to announce a new feature that will focus on Cold Cases involving our members from around the world. The “Cold Case Examiner” will be a one-page article sent in by readers providing a summary of the case. This will allow networking with other leading forensic experts from varied disciplines to help facilitate and invite responses and feedback on your cold case. If you would like to have your cold case featured, please e-mail your one-page article via a Word document and include any photos, evidence, or supplemental details to editor@acfei.com. GET YOUR PICTURE DISPLAYED IN THE FORENSIC EXAMINER® We are introducing a quarterly feature where members can send in pictures of themselves holding a copy of the Examiner on vacation or business travels. If you would like to see your picture in this section, take a copy of the journal and your camera with you on your travels—we want to see your pictures! Email your highresolution photos to editor@acfei.com, or mail to Forensic Traveler, 2750 E. Sunshine, Springfield, MO 65804.

ACFEI staff member Molly White displays The Forensic Examiner® in front of the Palmer House Hotel in Chicago, Illinois.

New Books From

MEDIA0211EX

ACFEI Media

Stuck on Me: Missing You

Psychological Autopsy of Elvis Presley

By Larry A. Bugen, Ph.D. ISBN: 9780982212134

By William J. Ronan ISBN: 9780983260103

Sometimes our love for others becomes blurred by a preoccupation with oneself. Carried too far, this self-absorption jeopardizes the love bonds we need to survive. Bugen, a psychologist and photographer, critiques the pervasive narcissism of our contemporary culture, reveals the true nature of love, and presents Six Gifts that ensure its survival among the fittest. Paperback. 307 pages

Ronan, a licensed independent clinical social worker, examines the facts of Elvis Presley’s journey on Earth to reveal the truths of the legendary rocker’s life—and the root causes of his death. In so doing, he forces the reader to consider the sheer psychological force that core beliefs play in creating and recreating lives, and in dooming others to an early end. Hardcover. 349 pages

$19.95 +S & H

$24.95 +S & H

Culture Notes: Essays on Sane Living

In the Practice of Health Care: The Search for Satisfaction

By Irene Rosenberg Javors ISBN: 9780982212141

By Ronald Hixson ISBN: 9780983260110

Have we all lost our minds? It’s a question we have all asked ourselves as we ponder such modern occurrences as “reality” TV, road rage, and terrorism. Javors’ collection of her columns from the Annals of the American Psychotherapy Association offers prescriptions for “sane living” in the face of life’s challenges. Paperback. 144 pages

Hixson, a psychotherapist, provides applicable insight into all aspects of practice management, from economics to ethics. Paperback. 190 pages

$14.95 +S & H

Order your book from Amazon.com or call 1-800-423-9737

Coming Soon! Last Summer With Oscar: An Adventurous True Story of Love and Courage By Jan Schwartz Schwartz, a teacher, psychologist, and forensic fraud investigator, offers a narrative case study that relates the true story of a nine-year-old golden retriever’s response to cancer.

Want to get Published? ACFEI Media wants to walk with you on your a la carte publishing journey. In our approach, you determine the decisions you want to make on your own,

and we’ll help you with the rest.

• Hardcover or paperback? Small or large format? • Print, e-book, or both? • Do you have a copy editor, or would you like our help? As we guide you through the steps and discuss your options, you’ll find the tough decisions easier to resolve.

ACFEI MEDIA

C ALL

4238- 00 FOR 9737 M INFO

O RMA RE TION

® 800-423-9737 • WWW.ACFEI.COM • 2750 E SUNSHINE STREET SPRINGFIELD, MO 65804 Summer 2011 THE• FORENSIC EXAMINER 11

ANOTHER GREAT MEMBER BENEFIT

CE ARTICLE: 1 CE CREDIT

CE ARTICLE

A Tool for Forensic Accountants

THE FORENSIC EXAMINER速 Summer 2011

WWW.ACFEI.COM • (800) 592-1399

By DR. WALTER A. ROBBINS, DBA, CPA, CFF Certified Forensic Accountant (Cr.FA) ABSTRACT

Forensic accountants are typically involved in fraud prevention and

detection. However, another area where their expertise may be called upon for assistance relates to the protection of sensitive personal information that is collected, stored, and used by organizations. Given the extensive practice of storing information on portable devices and making data transfers using the Internet or other wireless technologies, criminals have more opportunities to acquire information on customers, patients, or employees through unauthorized access. Forensic accountants can use the AICPA/CICA’s set of Generally Accepted Privacy Principles (GAPP) as a framework when developing and implementing a sound privacy protection program for clients. Such a program can help prevent criminals from gaining unauthorized access to confidential personal information.

CE ARTICLE Summer 2011 THE FORENSIC EXAMINER®

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Tool for Forensic Accountants

EARN CONTINUING EDUCATION CREDITS TAKE THE CE TEST FOR THIS ARTICLE ON PAGE 87

This article is approved by the following for continuing education credit:

(ACFEI) The American College of Forensic Examiners International provides this continuing education credit for Diplomates and certified members.

After studying this article, participants should be better able to do the following:

1. Explain the importance of security associated with collecting and using personal information of customers, patients, or employees. 2. Discuss the 10 principles of the AICPA/CICA’s framework of Generally Accepted Privacy Principles (GAPP). 3. Describe the attributes of a good privacy protection program for an organization that collects and uses personal information.

CE ARTICLE

KEY WORDS: privacy risk, personal information, data protection, AICPA privacy framework, confidential information, information security, Generally Accepted Privacy Principles TARGET AUDIENCE: forensic accountants who are interested in developing and implementing privacy protection programs for their business clients PROGRAM LEVEL: Basic DISCLOSURE: The author has nothing to disclose. PREREQUISITES: None

While forensic accountants are typically involved in fraud prevention and detection, another area where their expertise is needed is protecting sensitive personal information that is collected, stored, and used by organizations. Given the current status of information technology, not only is confidential information stored in mainframe databases, but it is increasingly being stored on portable devices; moreover, such information is being disseminated using the Internet or other wireless technologies. Individuals have even begun to store their personal information on the Internet through remote locations. Consequently, unauthorized access to such confidential information has become easier than ever, and the frequency of loss or theft has increased dramatically. Recent high-profile breaches illustrate the threat of this potential danger. In 2006, it was reported that a laptop containing the personal information on 382,000 working and retired employees of Chicago-based Boeing Co. was stolen from an employee’s car (Rosencrance, 2006). This private information included employees’ Social Security numbers, home addresses, telephone numbers, birth dates, and salary information; the computer and data were never recovered. In October of 2009, Blue Cross and Blue Shield warned approximately 800,000 doctors that their business and personal information was lost when an

THE FORENSIC EXAMINER® Summer 2011

insurance trade group employee’s laptop was stolen (Japsen, 2009). It was reported that the employee broke protocol and transferred the information to his personal laptop. Everyday companies are faced with the risk of having sensitive and confidential personal data become available to the public. The loss or theft of customer or employee records and other confidential personal information can jeopardize the financial well-being of any organization. For instance, such loss can result in a damaged reputation, loss of customer trust, and a multitude of fines and fees. Forensic accountants can provide a valuable service to organizations that collect, store, and use confidential personal information; given their specialized expertise, forensic accountants are well-equipped to assist clients in developing a set of privacy policies and procedures that can promote the safety and confidentiality of such information, in addition to assisting with monitoring the system of safeguards to ensure continued effectiveness. Because protecting individuals’ personal information has become a significant riskmanagement issue for all organizations and guidance in this area has been limited, in 2003 the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Certified Accountants (CICA) formed a joint Privacy Task Force. The work of this task force resulted in the publication of

a global privacy framework. The framework consists of common privacy principles know as Generally Accepted Privacy Principles (GAPP). The framework was updated in 2006 and in 2009 (AICPA/CICA, 2009). Because of the importance and usefulness of these principles to forensic accountants when evaluating an organization’s privacy risk program, this article presents the privacy principles as set forth by the AICPA/CICA. It is imperative that forensic accountants who plan to enter this area of consulting become familiar with these privacy principles and understand their relevancy to developing a sound privacy risk program.

What Is Privacy? The AICPA/CICA’s GAPP defines privacy as the rights and privileges of individuals when personally identifiable information is collected, stored, used, disclosed, or disposed of by an organization. Such information can be linked directly or indirectly to an individual or can be used to determine their identity. The term “individual” is broad and includes prospective current and former customers, employees, and others with whom an organization has a relationship.

WWW.ACFEI.COM • (800) 592-1399

Principles of the Privacy Framework

The AICPA/CICA (2009) point out that most information collected by organizations is likely to be personal and usually includes items such as names, home addresses, Social Security numbers, email addresses, and various physical characteristics. While this type of personal information is considered confidential and its misuse would be a breach of privacy, certain other types of personal information represents a much higher level of risk, such as medical conditions, financial information, and racial or ethnic origin. Because sensitive personal information poses higher risks, extra protection and due care are required; as an example, explicit consent from an individual would be appropriate. In cases where personal information cannot be associated with specific individuals, the AICPA/CICA (2009) identifies this as nonpersonal information. This includes personal information for which the identity of the individual is unknown and cannot be determined. However, forensic accountants should be aware that obligations related to nonpersonal information may still exist due to regulations or agreements (i.e., clinical and market research).

The AICPA/CICA’s Privacy Framework (2009) sets forth ten principles that form a comprehensive benchmark for defining the best privacy and security practices for personal information protection. Each principle is supported by objective, measurable criteria that form the basis for effective management of privacy risk and compliance in an organization.

CE ARTICLE

Certified Forensic Accountant (Cr.FA) To learn more about investigative accounting, fraud prevention and detection, and privacy protection, become a Certified Forensic Accountant (Cr.FA). For more information on the program and to enroll, go to www. acfei.com or call (800) 423-9737. Summer 2011 THE FORENSIC EXAMINER®

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Tool for Forensic Accountants

1: Management 4 Principle The first component of GAPP requires a plan assigning

accountability for privacy policies and procedures be established. The lines of accountability must be clearly defined, documented, and communicated throughout the organization, and it must be understood that an appropriately established privacy program is predicated on a good management infrastructure that supports the privacy strategy. As set forth in GAPP, management should: 1. Design a privacy policy that defines and documents the privacy policies in relation to the other nine principles of GAAP; 2. Communicate privacy policies and consequences of noncompliance to all internal personnel; and 3. Assign a person or group to manage the privacy program (AICPA/CICA, 2009). Additional detail design requirements are presented in Table 1.

responsibilities when responding to customer inquiries, GAPP indicates that they should know the name and title of the person accountable for the organization’s privacy program, the name, title, and address of the person to whom access requests should be sent, how individuals can access their personal information, and how individuals can file a complaint with the organization. Table 1 shows the specific criteria outlined in Principle 2.

3: Choice & Consent 4 Principle This principle recognizes that individuals have a right to

2: Notice 4 Principle This principle requires that notice about an organiza-

tion’s privacy policies and procedures be provided to both employees and customers (AICPA/CICA, 2009). This communication should also identify the purposes for which personal information is collected, used, retained, and disclosed. The privacy policy should ensure that customers are able to obtain the information they need to make informed decisions about their business relationships with the organization. For employees to meet their

be provided with clear, conspicuous, readily available mechanisms to exercise their choice regarding the collection, use, and disclosures of their personal information (AICPA/CICA, 2009). An organization is obligated to inform and obtain permission from individuals before collecting or using their personal information for the purpose specified in the notice. The individual must voluntarily consent to allowing his/her personal information to be disclosed to a third party or used for a different purpose. In many instances, an organization may collect personal information that is “sensitive” in nature, such as an individual’s medical condition. Whenever sensitive personal information is to be collected, the organization must give individuals an affirmative or explicit choice to opt-in or opt-out if the information is to be disclosed to a third party or used for a purpose other than that for which it was originally collected or subsequently autho-

CE ARTICLE

TABLE 1: Detail Requirements of Selected Principles Principle 1: Design procedures and controls to ensure: • Reviewing and approving changes to the privacy policies and procedures. • Compliance with applicable laws and regulations, and reviews and revisions are appropriately undertaken. • Identification of the types of personal information and sensitive personal information. • A risk assessment process is used to establish a risk baseline and identify new or changed risks to personal information. • Commitments and relationships with other businesses entered into by the entity are consistent with its own privacy policies and address any inconsistencies. • Appropriate privacy infrastructure is put into place and developed, implemented, and maintained. • A documented privacy incident and breach management program is established.

THE FORENSIC EXAMINER® Summer 2011

• Adequate resources to achieve the privacy objectives are provided. • Appropriate qualifications for personnel responsible for protecting the privacy and security of personal information are established. • A privacy awareness program is established and specific training for selected personnel is provided. • Change in the business and regulatory environment that may affect the appropriateness of existing privacy policies and procedures are continually monitored and assessed. Principle 2: The organization should: • Design a privacy policy that addresses providing notice to individuals. • Communicate the notice to individuals. • Design procedures and controls to ensure the notice is provided initially, when changes are made to the privacy policy, and when there are changes in usage of personal information. • Design procedures and controls to en-

sure that an objective description of the entities and activities covered by the privacy policies and procedures is included in the privacy notice. • Design procedures and controls to ensure the use of clear and conspicuous language in the privacy notice. Principle 3: An organization should design choice and consent policies, procedures, and controls to: • Address the choices available to individuals and the consent to be obtained. • Communicate to individuals the choices available to them regarding the collection, use, and disclosure of personal information. • Communicate to individuals the consequences of refusing to provide personal information or denying or withdrawing consent to use personal information. • Ensure implicit or explicit consent obtained for the individual is confirmed and implemented.

WWW.ACFEI.COM • (800) 592-1399

rized by the individual. Entities that fail to obtain proper consent before collecting, using, or disclosing personal information may be subject to legal liability or sanctions when the obligation to obtain consent is required by law or self-regulation. Consequently, consultants should consider asking the advice of counsel because of applicable legal or industry standards (AICPA/CICA, 2009). Table 1 lists the Choice and Consent principles that an organization should follow.

4: Collection 4 Principle The Collection Principle requires that an organization

collect personal information only for the purposes identified in the notice (AICPA/CICA, 2009). It is pointed out that this practice precludes an organization from collecting personal information indiscriminately. The criteria presented in Principle 4 address issues relating to collection, communication, and documentation of confidential personal information. The detail requirements for designing privacy policies, procedures, and controls are show in Table 1.

5: Use & Retention 4 Principle This principle requires that an organization should limit

the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent (AICPA/CICA, 2009). Moreover, personal information should be retained for

only as long as necessary to fulfill the stated purposes. Principle 5 provides a set of criteria that should be followed when developing a privacy policy relating to the use and retention of personal information. The following should be done: • Design privacy policies that address the use, retention, and disposal of personal information • Communicate to individuals the use, retention, and disposal policies of personal information • Design procedures and controls to ensure that the use of personal information is only for purposes identified in the notice and only if the individual has provided consent, unless a law or regulation specifically requires otherwise • Design procedures and controls to ensure that personal information is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise • Design procedures and controls to ensure that personal information no longer needed is anonymized, disposed of, or destroyed in a manner that prevents loss, theft, misuse, or unauthorized access (AICPA/ CICA, 2009)

6: Access 4 Principle Providing individuals with access to their personal

information for review, verification, and updating is one of the more critical privacy principles. Principle 6

• Ensure management confirms that third parties from whom personal information is collected are reliable sources that collect information fairly and lawfully. • Ensure individuals are informed if the entity develops or acquires information about them.

Principle 4: An organization should design collection policies, procedures, and controls to: • Address the collection of personal information. • Communicate to individuals that personal information is collected only for the purposes identified in the notice. • Communicate to individuals the types of personal information collected and the methods of collection used. • Document and describe the types of personal information collected and methods of collection in the privacy notice. • Ensure methods of collection are reviewed by management to confirm that personal information is obtained fairly and lawfully.

Principle 5: An organization should design access policies, procedures, and controls to: • Address providing individuals with access to their personal information. • Communicate to individuals how they may obtain access to their personal information to review, update, and correct that information. • Ensure individuals are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information. • Ensure the confirmation of individuals’ identity before they are given access to that information. • Ensure personal information is provided to the individual in an understand-

able form, in a reasonable time frame, and at a reasonable cost. • Ensure individuals are informed—in writing—of the reason for denial of access. • Ensure individuals are able to update or correct personal information held by the entity. If practical and economically feasible to do so, the entity provides such updated or corrected information to third parties that previously were provided with the individual’s personal information. • Ensure individuals are informed, in writing, about the reason a request for correction of personal information was denied, and how they may appeal.

CE ARTICLE

• Obtain consent for new purposes and uses. • Obtain explicit consent from the individual for sensitive information. • Ensure consent is obtained before personal information is transferred to or from an individual’s computer or other similar device.

Principle 6: An organization should design disclosure policies, procedures, and controls to: • Address the disclosure of personal information to third parties. • Communicate to individuals that personal information is disclosed to third parties only for the purposes identified in the notice. Only information for which the individual has provided Summer 2011 THE FORENSIC EXAMINER®

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Tool for Forensic Accountants

specifically recognizes an individual’s right to access and a corresponding obligation of the organization to facilitate the individual’s right on request (AICPA/CICA, 2009). The forensic accountant should remember that an individual’s request for access to his/her personal information should always be documented, and the organization should respond to the request with due diligence and within a 30-day timeframe. Moreover, if there is a fee for processing an access request, the amount must be reasonable and communicated to the individual in a timely fashion. Table 1 lists what an organization should do when developing access policies, procedures, and controls.

7: Disclosure 4 Principle This GAPP principle requires that disclosure of per-

CE ARTICLE

sonal information to third parties should be for the purposes identified in the notice and only when the individual has given implicit or explicit consent (AICPA/CICA, 2009). In addition, the organization is obligated to disclose personal information only to third parties who provide substantially equivalent protection as does the original organization. In those cases where the third party further transfers disclosed personal information, such transfers should be permitted only where the transfer is also subject to practices affording an adequate level of protection. GAPP indicates that an organization should accomplish several things relating to disclosure policies and procedures. Table 1 lists the GAPP requirements.

consent should be disclosed, unless a law or regulation specifically allows or requires otherwise, and disclosure includes any limitation on the third party’s privacy practices and controls. • Communicate the privacy policies or other specific instructions or requirements for handling personal information to third parties to whom personal information is disclosed. • Ensure personal information is disclosed only for the purposes described 18

THE FORENSIC EXAMINER® Summer 2011

8: Security 4 Principle This GAPP principle requires an organization to protect

personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction (AICPA/CICA, 2009). Such information should be protected by physical, organizational, and technological measures that are appropriate to the sensitivity of the information. Significant harm can result to individuals if an organization does not have appropriate security measures in place to guard against unauthorized access; moreover, the organization can be held legally liable. Forensic accountants should recognize that the more sensitive the personal information, the greater the potential harm and need for increased security. Table 1 lists what an organization should do when developing security policies, procedures, and controls.

9: Quality 4 Principle The quality principle requires that personal information

that is collected, stored, and used should be accurate, complete, and relevant for the purposes identified in the notice (AICPA/CICA, 2009). Such personal information should be updated as needed to meet the identified purposes. This can be accomplished if the organization informs individuals of the existence, use, and disclosure of their personal information and provides access to that information to ensure its accuracy, completeness, and relevancy. The specific criteria outlined in GAPP regarding appropriate practice for ensuring information quality indicate that an organization should do the following:

in the notice, and only information for which the individual has provided consent will be disclosed, unless a law or regulation specifically allows or requires otherwise. • Ensure personal information is disclosed only to third parties that have agreements with the entity to protect personal information in a manner consistent with the relevant aspects of the entity’s privacy policies or other specific instructions or requirements. • Ensure personal information is disclosed to third parties for new purposes or uses only with the prior implicit or explicit consent of the individual. • Ensure that the entity takes remedial action in response to misuse of personal information by a third party to whom the entity has transferred such information. Principle 7: An organization should design security policies, procedures, and controls to:

• Address the security of personal information. • Communicate to individuals the precautions that are taken to protect personal information. • Ensure that a security program has been developed, documented, approved, and implemented that includes administrative, technical, and physical safeguards to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. • Ensure logical access to personal information is appropriately restricted. • Ensure physical access to personal information in any form is appropriately restricted. • Ensure personal information, in all forms, is protected against accidental disclosure due to natural disasters and environmental hazards. • Ensure personal information is protected when transmitted by mail or other physical means. Personal infor-

WWW.ACFEI.COM • (800) 592-1399

• Design privacy policies that address the quality of personal information • Communicate to individuals that they are responsible for providing the entity with accurate and complete personal information and for contacting the entity if correction of such information is required • Design procedures and controls that ensure personal information is accurate and complete for the purposes it will be used • Design procedures and controls that ensure personal information is relevant to the purposes for which it is to be used (AICPA/CICA, 2009)

10: Monitoring & Enforcement 4 Principle The last GAPP principle focuses on an organization’s

responsibility to monitor compliance with its privacy policies and procedures and to have procedures in place to address privacy-related inquiries, complaints, and disputes. Forensic accountants and their clients should recognize that individuals have a right to challenge an organization’s compliance with stated privacy policies and procedures. When challenges are made, the organization should explain its procedures and identify the various avenues of recourse available. GAPP provides specific, detailed instructions for monitoring and enforcement policies, procedures, and controls (AICPA/CICA, 2009). Table 1 lists these items.

Principle 8: An organization should design monitoring and enforcement policies, procedures, and controls to: • Address the monitoring and enforcement of privacy policies and procedures. • Communicate to individuals how to contact the entity with inquiries, complaints, and disputes. • Ensure a process is in place to address inquiries, complaints, and disputes.

CE ARTICLE

mation is collected and transmitted over the Internet, over public and other nonsecure networks and wireless networks by deploying industrystandard encryption technology for transferring and receiving personal information. • Ensure personal information stored on portable media or devices is protected from unauthorized access. • Ensure tests of the effectiveness of the key administrative, technical, and physical safeguards protecting personal information are conducted at least annually.

Exceptions to Selected Privacy Principles Interestingly, the AICPA/CICA’s GAPP framework (2009) recognizes that in certain instances it is appropriate for an organization to breach privacy regarding personal information. Table 2 presents those instances set forth in GAPP where it is permissible to collect, use, and/or disclose personal information without the consent or knowledge of the individual. Clearly in those situations where the health and wellbeing of an individual is at stake and consent cannot be obtained on a timely basis, collection, use, and disclosure of personal information is appropriate. Also, in cases where the collection of an individual’s personal information with his or her knowledge can result in compromising the availability or accuracy of such information, obtaining the individual’s consent would not be appropriate. An example of this would be a criminal investigation. GAPP points out that an organization may collect, use, and/or disclose personal information without the individual’s consent or knowledge if the information is solely for statistical, journalistic, artistic, literary, research, or scholarly purposes (AICPA/CICA, 2009). In all instances where personal information is publicly available, there is no need to acquire an individual’s consent to utilize their information. Forensic accountants should note the massive authority possessed by government institutions to request personal information. “Disclosure” in Table 2 indicates that government organizations can request personal information, with or without the individual’s consent or knowledge, if it is needed in administering any federal or state program.

• Ensure every complaint is addressed and the resolution is documented and communicated to the individual. • Ensure compliance with privacy policies and procedures, commitments, and applicable laws, regulations, service-level agreements, and other contracts is reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans should be developed and implemented. • Ensure instances of noncompliance with privacy policies and procedures are documented and reported, and, if needed, corrective measures are taken on a timely basis. • Ensure ongoing procedures are performed for monitoring the effectiveness of controls over personal information, based on a risk assessment, and for taking timely corrective actions where necessary. Source: AICPA/CICA’s GAPP Privacy Task Force, Generally Accepted Privacy Principles (2009) Summer 2011 THE FORENSIC EXAMINER®

AICPA/CICA’S GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Tool for Forensic Accountants

TABLE 2: Instances Where Collection, Use, & Disclosure of Personal Information Without Consent is Appropriate Collection: • Whenever collection is clearly in the interests of the individual and consent cannot be obtained in a timely way. • When it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of federal or state law. • The collection is solely for journalistic, artistic, or literary purposes. • The information is publicly available. Use:

CE ARTICLE

• If the use is clearly in the individual’s interest and consent is not available in a timely way. • If knowledge and consent would compromise the availability or accuracy of the information, and collection were required to investigate a breach of an agreement or contravention of a fedConclusion Organizations are coming under increased scrutiny when it comes to the safety of customer, patient, or employee personal information. Because such information is often stored on portable devices and disseminated using Internet or wireless technology, unauthorized access to personal information has become easier than in past periods. Organizations must take special precautions to safeguard personal information that is in their care. Because of their training and skills, forensic accountants are in an excellent position to provide assistance to organizations regarding the development of privacy policies and procedures that promote the safety and confidentiality of personal information and can assist with monitoring the system of safeguards to ensure their continued effectiveness. The AICPA/CIAC’s GAPP offers guidance and best practices for designing and implementing a sound privacy program. Using GAPP, forensic accountants can provide advice to their clients about privacy issues and risks and can assist in developing and implementing a good privacy protection program. Consequently, forensic accountants who are interested in expanding their practice by of-

THE FORENSIC EXAMINER® Summer 2011

eral or state law. • If the entity has reasonable grounds to believe that information could be useful when investigating a contravention of a federal, state, or foreign law and the information is used for that investigation. • If there is an emergency that threatens the individual’s life, health, or security. • If the use is for statistical or scholarly study or research. • If the personal information is publicly available. Disclosure: • To a lawyer representing the entity. • To collect a debt the individual owes to the entity. • To comply with a law, a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction. • To a government institution requesting the information under lawful authority and indicating that disclosure is for the purpose of: fering assistance in the area of privacy risk are encouraged to become familiar with the provisions of the AICPA/CIAC’s GAPP in order to better assist their clients. REFERENCES American Institute of Certified Public Accountants and Canadian Institute of Chartered Accountants (Updated 2009). AICPA/CICA Privacy Task Force,

• Enforcing, carrying out an investigation, or gathering intelligence relating to any federal, state, or foreign law • National security or the conduct of international affairs • Administering any federal or state law • If made by an investigative body for the purposes related to the investigation or a breach of an agreement or a contravention of a federal or state law. • In an emergency threatening an individual’s life, health, or security. • For statistical purposes, scholarly study, or research, or to an archival institution. • Twenty years after the individual’s death or 100 years after the record was created. • If publicly available. Source: AICPA/CICA’s GAPP Privacy Task Force, Generally Accepted Privacy Principles 2009 (items from various GAPP principles) Generally Accepted Privacy Principles. Retrieved from http: www.aicpa.org/privacy Japsen, B. (2009, October 14). Blue cross warns doctors about stolen identification data. Chicago Tribune. Retrieved from http://archives. chicagotribune.com/2009/oct/14/business/ chi-biz-doctors-identification-stolen Rosencrance, L. (2006, December 14). Boeing laptop with data on 382,000 employees stolen. Computerworld. Retrieved from http://www.computerworld. com/s/article/9006098/Boeing_laptop.pdf n

ABOUT THE AUTHOR WALTER A. ROBBINS, DBA, CPA, CR.FA, CFF Dr. Robbins earned a Doctor of Business Administration (DBA) from the University of Tennessee and a Master of Accountancy from Virginia Tech. He is a Certified Public Accountant (CPA), a Certified Forensic Accountant (Cr.FA), and he has earned the credential of Certified in Financial Forensics (CFF) by the American Institute of Certified Public Accountants. He is the Roddy-Garner Professor of Accounting in the Culverhouse School of Accountancy at the University of Alabama. He holds membership in the American College of Forensic Examiners International, the Government Finance Officers Association, the American Institute of Certified Public Accountants, and the American Accounting Association. Dr. Robbins has written extensively on accounting and financial reporting issues and his research has appeared in a number of academic and professional journals. He is also a partner in the firm of Financial Forensics Consulting Group, LLC.