The issue of inadequate information privacy has led to many scholars and institutions finding techniques for securing data. Research on the controls aimed at improving the level of privacy and confidentiality is an important component of accounting. Accountants and accounting firms hold a lot of information belonging to their clients. The duty of firms and individuals to protect private information has led to the establishment and implementation of various control systems. The objective of control systems is to limit the access of unauthorized individuals to information. Confidentiality of a firm can be described as the ability of a firm to hold sensitive information that does not belong to them without sharing it with another party. Privacy controls refer to the measures taken to restrict access. Controls are meant to limit the number of people who can gain access to a particular item. Hence, accounting firms should invest in various controls to protect their client information. Research on confidentiality and privacy control is crucial. Today, individuals provide personal information to various organizations which may be abused if obtained by the wrong people. Individuals may steal information for various reasons. One of the reasons is impersonating an individual in order to fraudulently gain goods or services. Additionally, gaining an undue advantage over a competitor may tempt one to steal the competitor’s private information. By examining encryption and digital signature as methods of information security in accounting, one may notice some of the advantages and significance of using the technique as a way of protecting information.

Privacy and Confidentiality in Accounting

Privacy and confidentiality refer to the ability of accounting firms or accountants to protect the information provided to them by their clients from misuse. Private information is information which is not known to everyone (Amponsah, Boateng, & Onuoha, 2016). Clients provide sensitive information to accounting firms with the knowledge that the firms will use it only for the intended purpose (Amponsah, Boateng, & Onuoha, 2016). Using information provided by a client in confidence for material gain is legally prohibited. Clients provide information, such as the amount of money they pay all individual employees. Controls should be put in place to protect the information that has not been made public. Confidentiality on the part of an accountant can be broken on the following grounds. Privacy and confidentiality entails certain factors in the policy that allow the privacy of information and specific conditions to be realized. First, the policy must apply when the holder of the information is given permission to use the information and share some of the crucial aspects with a third party (Amponsah, Boateng, & Onuoha, 2016). Another condition is when the client is being investigated by the government for crimes, such as fraud. The holder is required to release the information upon receiving a court order for investigation (Amponsah, Boateng, & Onuoha, 2016). In some cases, the company is publicly traded and has shareholders that have stake in the business, so the accountant is expected to release information to the public, since it is the law that applies to such firms. By doing this, the accountant shares information with the shareholders, which helps in the process of decision making.

Confidentiality on the part of an accountant helps build trust with the client they serve. A client will be able to trust an accountant with information about themselves when trust exists (Amponsah, Boateng, & Onuoha, 2016). The trust of a client is earned by ensuring the information offered in confidence is kept private. Maintaining confidentiality will improve client cooperation. Cooperation on the part of a client enables an accountant to conduct the necessary activities more efficiently. A cooperating client will provide the required documents when requested and fulfill various requests (Amponsah, Boateng, & Onuoha, 2016). Efficiency in the work produces accurate results in the final documents. A professional accountant owes their client a legal duty of care. When a professional accountant agrees to provide professional accounting services to a client, they enter into a contract. The contract requires the accountant to offer the client a duty of care (Amponsah, Boateng, & Onuoha, 2016). A professional accountant should ensure that the client does not suffer any undue distress due to their acts. Distress will be caused to an accountant’s client if the accountant makes the information provided in confidence public.

Criteria to Follow When Developing Control

Various criteria can be used to establish a system which will protect a client's privacy and confidentiality in an organization. The following measures can be put into action. An organization should make it known to the client on they have a right to either provide personal information or not (Peltier, 2016). Giving a client the choice will enable the client to determine whether they are comfortable with sharing personal information (Jouini, Rabai, & Aissa, 2014). In the event that the client is not willing to divulge personal information, the company should not threaten them. An organization’s privacy and confidentiality practices should be made known to the client before the information is collected. Making such practices known will enable the client to determine whether or not they are comfortable with providing private information (Peltier, 2016). The information collected from clients should be relevant to the services being offered to the client (Jouini, Rabai, & Aissa, 2014). In the case when a accounting firm’s aim is to file taxes for the client, information relating to taxes should be the only information collected. Collecting only relevant information will ensure that the client does not divulge too much information to the firm.

Qualified individuals should be the only ones who handle confidential information. The use of qualified individuals will ensure that due diligence is exercised when handling the information provided (Peltier, 2016). Clients should be given the option of modifying the information they provide, accessing it, and requesting for it to be disposed of (Jouini, Rabai, & Aissa, 2014). Giving clients such an alternative enables them to feel in control in such a situation. Therefore, clients become more willing to provide truthful information. In the process of sharing information with third parties, various procedures should be followed. Organizations should share confidential customer information with other companies in accordance with the established procedures (Jouini, Rabai, & Aissa, 2014). Such procedures include an organization only providing information to another organization which has the same level of privacy and confidentiality assurance (Jouini, Rabai, & Aissa, 2014). Organizations should not sell the confidential information provided by a client. Such an act can be viewed as the organization gaining undue advantage from its client.

Information should be safely disposed of after the intended purpose has been achieved. Proper disposal of information may include the use of shredding machines to destroy paper evidence (Peltier, 2016). Magnetically wiping off information from electronic devices, such as computers, is another method of disposing of data (Jouini, Rabai, & Aissa, 2014). Disposing of the information safely and effectively will ensure the information does not end up in the wrong hands. Adequate security should be put in place to control access to information. The use of passwords will limit the number of individuals accessing client information (Jouini, Rabai, & Aissa, 2014). The more sensitive the information is, the fewer people should have access to it (Peltier, 2016). Physical control can be used to prevent unauthorized individuals from accessing the records. Documents should be stored in locked safes and cabinets. Regarding electronic controls, qualified individuals should be hired to ensure that the controls work effectively (Peltier, 2016). Qualified individuals are more likely to notice and correct any defects in the control systems put in place.

An organization needs to determine the manner in which the information it holds is stored. Organizations which hold information in hard copy need to put physical controls in place in order to limit access to information (Peltier, 2016). Physical controls include ensuring that sensitive paper documents are always kept in locked storage units. Organizations which hold information in soft copy form, such as on computers, should ensure that the established controls are electronic (Peltier, 2016). Electronic controls include the use of digital signatures and passwords.

Reasons for Confidentiality and Privacy Controls

Increased cases of identity theft have resulted in organization implementing various confidentiality and privacy controls. Identity theft refers to a situation where an individual steals personal information to obtain goods or services fraudulently (Peltier, 2016). The individual who steals the information usually impersonates another individual (Jouini, Rabai, & Aissa, 2014). In most cases, the information that is used to impersonate someone includes social security numbers, debit cards, or insurance cards. Most organizations receive spam emails which are a major security concern. Spam emails refer to emails sent to individuals the aim of which is to promote or advertise a product or service. Spam emails are a concern as they may contain viruses or malware intended to illegally obtain or destroy information (Peltier, 2016). Spam emails are usually sent by individuals who want to gain unauthorized access to people’s information (Jouini, Rabai, & Aissa, 2014). Hacking is another concern for companies with various controls in place. Hackers usually gain unauthorized access to company servers with the aim of stealing information (Jouini, Rabai, & Aissa, 2014). The hackers usually break down the company's firewall to gain entry.

Most organizations use computers to process and store information. Therefore, the safeguards that are necessary are electronic in nature. The use of encryption is a safeguard that can be used. Encryption refers to the use of an algorithm and binary digits to transform a normal readable text into text that does not make sense. Later, it can be transformed into a normal readable text again (Peltier, 2016). Encryption is used if one is conveying information through the internet. Encryption is a measure taken to ensure that the information is not accessed by a wrong person. Encryption requires the intended recipient of the message to decrypt the message (Peltier, 2016). Both encryption and decryption require the use of a key. First, the key is used to encrypt the message, e.g. to convert the normal readable message into an unreadable configuration of numbers. The encrypted message is then sent using the internet to the recipient (Jouini, Rabai, & Aissa, 2014). The recipient later uses the key to decrypt the message from its unreadable form to the original readable form.

Accounting firms should use passwords to limit access to information. The use of passwords is a control technique in which the level of one’s seniority will determine the access one has to stored information (Peltier, 2016). Access to information is limited, especially if it is sensitive. This reduces the risk of employees of a company taking advantage of sensitive information. If a breach is realized in the system, individuals put in charge of managing the controls will revoke all passwords until the breach is fixed (Jouini, Rabai, & Aissa, 2014). The use of such techniques improves the level of security being offered, which improves the level of protection of information. Hashing is a technique which is used to encrypt information. It is a method used to verify whether a document is the same as the original copy (Jouini, Rabai, & Aissa, 2014). Hashing is capable of verifying the document, because similar documents provide similar hash value (Peltier, 2016). Thus, hashing is the most effective method of ensuring a document does not get altered. The use of digital signatures is a method which provides control and confidentiality. Digital signatures are usually produced from the use of hashing and encryption. The use of digital signatures will ensure that contracts entered into by two parties become legally binding.

Recommendation

Technological advancement brings about new opportunities and new challenges. Accounting firms have a legal obligation to protect the information offered to them by clients. The use of encryption, passwords, hashing, and digital signatures provide new solutions to the new challenges (Jouini, Rabai, & Aissa, 2014). The use of encryption is the most suitable method of storing the already processed data. Encryption of information makes it useless to the individuals who gain unauthorized access if they do not have the key to decrypt it. The use of digital signatures is useful to accounting firms, especially when entering into contracts. Digital signatures cannot be erased; thus, they provide proof of the two parties entering into a contract (Peltier, 2016). Accounting firms enter into contracts with their clients once the firms agree to provide various services to clients. If either party fails to uphold its side of the agreement, a legal redress can be obtained. Using passwords is likewise an effective method because it limits access of individuals to sensitive data (Jouini, Rabai, & Aissa, 2014). Accounting firms should consider using passwords because it will limit the number of people who can access certain information, improving the reliability of security measures put in place.

Conclusion

The research on various ways of protecting client information conducted and described above provides information on various measures that can be implemented. Increased incidences of information theft and selling of information have resulted in companies investing more in information security. The identified ways of protecting information have provided option that companies can take advantage of to secure their information. Improved security implies that client information is less likely to be stolen or altered. The performance of a company is heavily dependent on the ability of the company to provide services and protect its clients.