Privacy audits are an area of auditing practice that are becoming increasingly relevant to audit firms as well as to regulators such as privacy commissioners. Privacy audit reports can be a resource for consumers and groups representing them. However, there is limited consistency between the standards applied in privacy audits when compared across different auditors and across different jurisdictions. Inconsistency of standards reduces international comparability of privacy audits, thereby lowering their potential value to the entities subject to audit, and to users of the reports. We suggest a set of fundamental principles for privacy audits drawn from recent proposals for legislative and/or policy reform by leading official bodies in the U.S. and the European Union. We apply this framework to 30 privacy audit reports issued in five countries. The results show that few conform to the proposed fundamental principles. This inconsistency limits their value and effectiveness.

You do not currently have access to this content.