Privacy Auditing Standards
Posted: 18 Sep 2014 Last revised: 1 Oct 2014
Date Written: September 16, 2014
Abstract
Privacy audits are an area of auditing practice that is becoming increasingly relevant to audit firms and to regulators such as privacy commissioners. Privacy audit reports can also be a resource for consumers and the groups that represent them. However, the standards applied in privacy audits vary considerably across auditors and across jurisdictions. This inconsistency reduces the international comparability of privacy audits, lowering their potential value both to the entities subject to audit and to the users of the reports. We propose a set of fundamental principles for privacy audits drawn from recent proposals for legislative and/or policy reform by leading official bodies in the US and the EU. We apply this framework to 30 privacy audit reports issued in five countries. The results show that few of the reports conform to the proposed fundamental principles, an inconsistency that limits their value and effectiveness.
Keywords: Privacy Audits, Information Privacy, Data Protection, International Comparability, Assurance Services
JEL Classification: L86, M41, O34