Learning From the Past: Applying Concepts of the Sarbanes-Oxley Act to Restore Consumer Trust in Global Data Privacy

47 Pages. Posted: 20 Aug 2023

Jared Maslin

University of California, Berkeley - School of Information; Good Research

Michelle Maslin


Date Written: August 18, 2023


Today’s global data privacy landscape is comparable to that of the United States accounting scandal era of the early 2000s: a lack of accountability, transparency, oversight, and comprehensive regulation has led to complexity, confusion, exploitation, and distrust. Utilizing the successful groundwork laid by the Sarbanes-Oxley Act (SOx) and subsequent regulations, companies can regain consumer trust in the investment of their data, just as investor trust was restored post-SOx. This paper demonstrates how privacy policies, which are intended to be public-facing documents on which notice and informed consent decisions are based, should be treated like financial statements and Form 10-Ks: they should be prepared using standardized formats, include privacy risk disclosures, be attested to by executive leadership, and be subject to independent third-party audits. We also outline the benefits of not only establishing privacy internal controls, similar to their financial counterparts, but also testing these controls and having management attest to their effectiveness. Taking inspiration from the Committee of Sponsoring Organizations of the Treadway Commission (COSO), we put forward our own Privacy Cube designed to help companies understand how to navigate the establishment of a bespoke privacy control structure, beginning with the identification of privacy risk areas. Using the “SOx Effect” model positioned in this paper, we envision global privacy regulation and processes that focus privacy obligations on the restoration and preservation of consumer trust.

Keywords: sox, sarbanes-oxley, privacy, data privacy, data protection, corporate governance, data governance, trust, consumer risk, privacy cube, internal controls, risk identification, risk model, risk-based decisions, risk-based privacy

Suggested Citation

Maslin, Jared and Maslin, Michelle, Learning From the Past: Applying Concepts of the Sarbanes-Oxley Act to Restore Consumer Trust in Global Data Privacy (August 18, 2023). Available at SSRN: https://ssrn.com/abstract=4545137 or http://dx.doi.org/10.2139/ssrn.4545137

Jared Maslin (Contact Author)

University of California, Berkeley - School of Information

102 South Hall
Berkeley, CA 94720-4600
United States

Good Research

828 San Pablo Ave
Suite 120D
United States

Michelle Maslin

