Privacy Disclosure and Auditing: An Exploratory Study

Penica Cortez

University of Auckland

David Hay

University of Auckland - Department of Accounting and Finance

August 21, 2013

This paper reports a study of privacy breaches in the U.S. from 2005-2011. We explore potential benefits of data privacy disclosure and auditing. Privacy auditing is a mechanism to help organisations to be vigilant in protecting information privacy, and to avoid penalties or damage to reputation and losing customer trust. Recently, privacy audits have been imposed on several high-profile organizations, but little is known about the benefits of privacy audits. We examined whether companies with privacy disclosures in their audited financial statements (as a proxy for privacy audits) were more or less likely to incur subsequent privacy breaches, and whether companies incurring breaches were more or less likely to make privacy disclosures. The results show that there are empirical regularities consistent with the privacy disclosures in the audited financial statements having some effect. Companies disclosing privacy risks are less likely to incur a breach of privacy related to unintentional disclosure of privacy information; while companies suffering a breach of privacy related to credit cards are more likely to disclose privacy risks afterwards. Disclosure after a breach is negatively related to privacy breaches related to hacking, and disclosure before a breach is positively related to breaches concerning insider trading. These results may be related to the risk of privacy breaches. Privacy disclosure in the regulatory risks section of a 10-K report is associated with a larger number of records affected by a breach of privacy. There are potential benefits from greater of privacy disclosure and auditing, and this area is worthy of further investigation.

Number of Pages in PDF File: 41

Keywords: Privacy auditing, Data privacy

JEL Classification: L86, M41, O34

working papers series

Download This Paper

Date posted: May 30, 2013 ; Last revised: August 22, 2013

Suggested Citation

Cortez, Penica and Hay, David, Privacy Disclosure and Auditing: An Exploratory Study (August 21, 2013). Available at SSRN: http://ssrn.com/abstract=2271871 or http://dx.doi.org/10.2139/ssrn.2271871

Contact Information

Penica Cortez
University of Auckland ( email )
New Zealand
David Hay (Contact Author)
University of Auckland - Department of Accounting and Finance ( email )
Private Bag 92019
Auckland 1001
New Zealand
+64 9 373-7599 (Phone)
+64 9 373-7406 (Fax)
Feedback to SSRN

Paper statistics
Abstract Views: 2,104
Downloads: 390
Download Rank: 41,459

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo1 in 0.360 seconds