Privacy Disclosure and Auditing: An Exploratory Study

40 Pages Posted: 30 May 2013 Last revised: 17 Sep 2014

Penica Cortez

University of Auckland

David Hay

University of Auckland - Business School

Date Written: September 3, 2014

Abstract

This paper reports a study of privacy breaches in the U.S. from 2005-2011. We explore potential benefits of data privacy disclosure and auditing. Privacy auditing is a mechanism to help organisations to be vigilant in protecting information privacy, and to avoid penalties or damage to reputation and loss of customer trust. Recently, privacy audits have been imposed on several high-profile organizations, but little is known about the benefits of privacy audits. We examine whether companies with privacy disclosures in their audited financial statements (as a proxy for privacy audits) are more or less likely to incur subsequent privacy breaches, and whether companies incurring breaches are more or less likely to make privacy disclosures. The results show that there are empirical regularities. For most types of breach, and in our overall results, companies suffering a breach of privacy are more likely to disclose privacy risks afterwards. For some types of breach (unintended disclosure), disclosure of the risks is negatively related to subsequent privacy breaches although for some other types (intentional insider disclosure), disclosure before a breach is positively related to subsequent breaches. These results show that privacy disclosure in the audited financial statements is associated with certain types of privacy breaches and disclosure in the regulation section is associated with a greater number of records affected by the breach. There are potential benefits from greater use of privacy disclosure and auditing, and this area is worthy of further investigation.

Keywords: Privacy auditing, Data privacy

JEL Classification: L86, M41, O34

Suggested Citation

Cortez, Penica and Hay, David, Privacy Disclosure and Auditing: An Exploratory Study (September 3, 2014). Available at SSRN: https://ssrn.com/abstract=2271871 or http://dx.doi.org/10.2139/ssrn.2271871

Penica Cortez

University of Auckland ( email )

Auckland
New Zealand

David Hay (Contact Author)

University of Auckland - Business School ( email )

12 Grafton Rd
Auckland, 1010
New Zealand

Paper statistics

Downloads
477
Rank
46,899
Abstract Views
3,727