Privacy Disclosure and Auditing: An Exploratory Study
University of Auckland
University of Auckland - Business School
September 3, 2014
This paper reports a study of privacy breaches in the U.S. from 2005-2011. We explore potential benefits of data privacy disclosure and auditing. Privacy auditing is a mechanism to help organisations to be vigilant in protecting information privacy, and to avoid penalties or damage to reputation and loss of customer trust. Recently, privacy audits have been imposed on several high-profile organizations, but little is known about the benefits of privacy audits. We examine whether companies with privacy disclosures in their audited financial statements (as a proxy for privacy audits) are more or less likely to incur subsequent privacy breaches, and whether companies incurring breaches are more or less likely to make privacy disclosures. The results show that there are empirical regularities. For most types of breach, and in our overall results, companies suffering a breach of privacy are more likely to disclose privacy risks afterwards. For some types of breach (unintended disclosure), disclosure of the risks is negatively related to subsequent privacy breaches although for some other types (intentional insider disclosure), disclosure before a breach is positively related to subsequent breaches. These results show that privacy disclosure in the audited financial statements is associated with certain types of privacy breaches and disclosure in the regulation section is associated with a greater number of records affected by the breach. There are potential benefits from greater use of privacy disclosure and auditing, and this area is worthy of further investigation.
Number of Pages in PDF File: 40
Keywords: Privacy auditing, Data privacy
JEL Classification: L86, M41, O34
Date posted: May 30, 2013 ; Last revised: September 17, 2014
© 2015 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo1 in 0.594 seconds