5. Confidentiality Flashcards
Accountants must respect ‘Duty of Confidentiality’ and not disclose confidential info.
(And ensure staff they manage/supervise do too)
Except where…
1) Proper specific AUTHORITY is rec’d from client or owner.
- Verbal is acceptable but best in writing.
- Disclaimer to recipient: info is for their use only and given w/o financial responsibility on your part or your firm's
2) Where there is a LEGAL DUTY to disclose.
- Where info required as evidence in a court of law.
(Tell client & ask for authority; if refused wait for summons)
- When the law has been broken and the info has to be disclosed to the relevant authorities (Eg ML)
3) Where there is a PROFESSIONAL DUTY to disclose.
- To comply with the quality review of an IFAC member body or other relevant professional body.
- To respond to an inquiry by the Professional accounting body or by a regulatory body of an ethical, investigatory or disciplinary nature.
- To protect the professional interests of the accountant in legal proceedings
- To comply with technical standards and ethical requirements (IFRSs IASs etc … complex so seek advice first!)
In addition to not disclosing ..
Accountants must not use OR Appear to use any info they have access to for their own personal advantage or for the advantage of a third party.
Money Laundering
To move illegally acquired cash through financial systems so that it appears to be legally acquired.
- Proceeds of Crime Act 2001
- Terrorism Act 2000
- Money Laundering Regulations 2007
- MLR updated in June 2017 by
The Money Laundering; Terrorist Financing; Transfer of Funds Regulations 2017
..which requires accountants to report immediately any suspicion to the National Crime Agency (NCA)
Decision to disclose made … 3 considerations for accountant
1) Do you know all the FACTS and have EVIDENCE to back up? If not enough evidence use professional judgement to DECIDE EXTENT of disclosure.
2) Who is the RIGHT PERSON and HOW to COMMUNICATE IT. Ensure recipient has necessary authority to act on it.
3) Consider if you may FACE LEGAL CONSEQUENCES from disclosure and if so how serious.
!!! If unsure get advice/2nd opinion from solicitor or your accounting body’s advice line !!!
In addition to Duty of Confidentiality to client
there is also data protection legislation..
DATA PROTECTION ACT 1998
(Enforced by ICO)
What are 2 points to describe it?
Gives individuals the right to know what information is held about them.
Provides a framework to ensure personal information is handled properly.
In addition to Duty of Confidentiality to client
there is also data protection legislation..
DATA PROTECTION ACT 1998
(Enforced by ICO)
What are 2 ways it works?
1) States that anyone processing personal information must comply with 8 principles
(These make sure info is handled properly)
2) Provides individuals with important rights, including the right to find out what personal information is held on a computer and paper records about them
In addition to Duty of Confidentiality to client
there is also data protection legislation..
DATA PROTECTION ACT 1998
(Enforced by ICO)
What are the 8 principles for processing
1) Fairly and lawfully processed
2) Processed for limited purposes
3) Adequate, relevant and not excessive
4) Accurate and up-to-date
5) Not kept longer than necessary
6) Processed in line with individual’s rights
7) Secure
8) Not transferred to other countries w/o adequate protection
In May 2018 it became mandatory for all orgs to adhere to the EU General Data Protection Regulation (GDPR)
UK nominated ICO (Information Commissioner's Office) to regulate and enforce GDPR (max fines E20M / 4%)
Some Key characteristics:
1) It will be easier for a data subject to withdraw consent for use of PII
2) Data subject can ask for personal data to be erased.
3) Parents & Guardians will be able to give consent for child’s data to be used.
4) Orgs must gain “Explicit” consent before processing sensitive personal data.
5) IP addresses, cookies & DNA will also be classed as ‘Personal data’
6) It will be easier and FOC for a data subject to see what personal data an organisation holds.
7) It will be easier to move data between service providers
8) Companies will face increased penalties for breaking the rules
PII
Personal Identifiable Information
The person in an organisation that controls information has a duty to..
inform the ICO of the organisation’s process for handling data