Learning From the Past: Applying Concepts of the Sarbanes-Oxley Act to Restore Consumer Trust in Global Data Privacy
47 Pages. Posted: 20 Aug 2023. Last revised: 19 Apr 2024
Date Written: August 18, 2023
Abstract
Today’s global data privacy landscape is comparable to that of the United States accounting scandal era of the early 2000s: a lack of accountability, transparency, oversight, and comprehensive regulation has led to complexity, confusion, exploitation, and distrust. Utilizing the successful groundwork laid by the Sarbanes-Oxley Act (SOx) and subsequent regulations, companies can regain consumer trust in the investment of their data, just as investor trust was restored post-SOx. This paper demonstrates how privacy policies, which are intended to be public-facing documents on which notice and informed consent decisions are based, should be treated like financial statements and Form 10-Ks: they should be prepared using standardized formats, include privacy risk disclosures, be attested to by executive leadership, and be subject to independent third-party audits. We also outline the benefits of not only establishing privacy internal controls, similar to their financial counterparts, but also testing these controls and having management attest to their effectiveness. Taking inspiration from the Committee of Sponsoring Organizations of the Treadway Commission (COSO), we put forward our own Privacy Cube designed to help companies understand how to navigate the establishment of a bespoke privacy control structure, beginning with the identification of privacy risk areas. Using the “SOx Effect” model positioned in this paper, we envision global privacy regulation and processes that focus privacy obligations on the restoration and preservation of consumer trust.
Keywords: sox, sarbanes-oxley, privacy, data privacy, data protection, corporate governance, data governance, trust, consumer risk, privacy cube, internal controls, risk identification, risk model, risk-based decisions, risk-based privacy