Abstract

http://ssrn.com/abstract=2271871
 


 



Privacy Disclosure and Auditing: An Exploratory Study


Penica Cortez


University of Auckland

David Hay


University of Auckland Business School

September 3, 2014


Abstract:     
This paper reports a study of privacy breaches in the U.S. from 2005-2011. We explore potential benefits of data privacy disclosure and auditing. Privacy auditing is a mechanism to help organisations to be vigilant in protecting information privacy, and to avoid penalties or damage to reputation and loss of customer trust. Recently, privacy audits have been imposed on several high-profile organizations, but little is known about the benefits of privacy audits. We examine whether companies with privacy disclosures in their audited financial statements (as a proxy for privacy audits) are more or less likely to incur subsequent privacy breaches, and whether companies incurring breaches are more or less likely to make privacy disclosures. The results show that there are empirical regularities. For most types of breach, and in our overall results, companies suffering a breach of privacy are more likely to disclose privacy risks afterwards. For some types of breach (unintended disclosure), disclosure of the risks is negatively related to subsequent privacy breaches although for some other types (intentional insider disclosure), disclosure before a breach is positively related to subsequent breaches. These results show that privacy disclosure in the audited financial statements is associated with certain types of privacy breaches and disclosure in the regulation section is associated with a greater number of records affected by the breach. There are potential benefits from greater use of privacy disclosure and auditing, and this area is worthy of further investigation.

Number of Pages in PDF File: 40

Keywords: Privacy auditing, Data privacy

JEL Classification: L86, M41, O34

working papers series





Download This Paper

Date posted: May 30, 2013 ; Last revised: September 17, 2014

Suggested Citation

Cortez, Penica and Hay, David, Privacy Disclosure and Auditing: An Exploratory Study (September 3, 2014). Available at SSRN: http://ssrn.com/abstract=2271871 or http://dx.doi.org/10.2139/ssrn.2271871

Contact Information

Penica Cortez
University of Auckland ( email )
Auckland
New Zealand
David Hay (Contact Author)
University of Auckland Business School ( email )
12 Grafton Rd
Auckland, 1010
New Zealand
Feedback to SSRN


Paper statistics
Abstract Views: 2,174
Downloads: 398
Download Rank: 41,349

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo7 in 0.453 seconds