Privacy Auditing Standards

Posted: 18 Sep 2014. Last revised: 1 Oct 2014

Alan Toy

University of Auckland Business School

David Hay

University of Auckland Business School

Date Written: September 16, 2014

Abstract

Privacy audits are an area of auditing practice that is becoming increasingly relevant to audit firms as well as to regulators such as privacy commissioners. Privacy audit reports can be a resource for consumers and groups representing them. However, there is limited consistency between the standards applied in privacy audits when compared across different auditors and across different jurisdictions. Inconsistency of standards reduces international comparability of privacy audits, thereby lowering their potential value to the entities subject to audit, and to users of the reports. We suggest a set of fundamental principles for privacy audits drawn from recent proposals for legislative and/or policy reform by leading official bodies in the US and the EU. We apply this framework to 30 privacy audit reports issued in five countries. The results show that few conform to the proposed fundamental principles. This inconsistency limits their value and effectiveness.

Keywords: Privacy Audits, Information Privacy, Data Protection, International Comparability, Assurance Services

JEL Classification: L86, M41, O34

Suggested Citation

Toy, Alan and Hay, David, Privacy Auditing Standards (September 16, 2014). Auditing: A Journal of Practice & Theory, Forthcoming, Available at SSRN: https://ssrn.com/abstract=2497186

Alan Toy

University of Auckland Business School

12 Grafton Rd
Auckland, 1010
New Zealand

David Hay (Contact Author)

University of Auckland Business School

12 Grafton Rd
Private Bag 92019
Auckland, 1010
New Zealand
