论文信息 - Privacy Auditing Standards

Privacy Auditing Standards

SUMMARY: Privacy audits are an area of auditing practice that are becoming increasingly relevant to audit firms as well as to regulators such as privacy commissioners. Privacy audit reports can be a resource for consumers and groups representing them. However, there is limited consistency between the standards applied in privacy audits when compared across different auditors and across different jurisdictions. Inconsistency of standards reduces international comparability of privacy audits, thereby lowering their potential value to the entities subject to audit, and to users of the reports. We suggest a set of fundamental principles for privacy audits drawn from recent proposals for legislative and/or policy reform by leading official bodies in the U.S. and the European Union. We apply this framework to 30 privacy audit reports issued in five countries. The results show that few conform to the proposed fundamental principles. This inconsistency limits their value and effectiveness.

David Hay | Alan Toy | D. Hay | Alan Toy

[1] Jens Wüstemann,et al. Why Consistency of Accounting Standards Matters: A Contribution to the Rules-Versus-Principles Debate in Financial Reporting , 2010 .

[2] Paul A. Pavlou,et al. State of the information privacy literature: where are we now and where should we go? , 2011 .

[3] D. Hay,et al. Privacy Disclosure and Auditing: An Exploratory Study , 2014 .

[4] Marleen Willekens,et al. The Role of Risk Management and Governance in Determining Audit Demand , 2006 .

[5] Peter T. Davis. Dysfunctional Controls: Useless, Impractical, Inefficient, and Poorly Designed , 2002 .

[6] Clive S. Lennox,et al. Voluntary Audits Versus Mandatory Audits , 2011 .

[7] A. Rashad Abdel-Khalik,et al. Why Do Private Companies Demand Auditing? A Case for Organizational Loss of Control , 1993 .

[8] Karim Jamal,et al. Privacy in E-Commerce: Development of Reporting Standards, Disclosure and Assurance Services in an Unregulated Market , 2002 .

[9] Alan R. White,et al. Taking Rights Seriously. , 1977 .

[10] R. Dworkin. Law's Empire , 1987 .

[11] Paul M. Schwartz,et al. The PII Problem: Privacy and a New Concept of Personally Identifiable Information , 2011 .