The views of privacy auditors regarding standards and methodologies
ISSN: 2049-372X
Article publication date: 24 April 2019
Issue publication date: 11 June 2019
Abstract
Purpose
This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders.
Design/methodology/approach
Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis.
Findings
The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties.
Originality/value
Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.
Keywords
Acknowledgements
The authors acknowledge financial support from the Grant Program for Promotion of International Joint Research provided by the International Office, Waseda University.
Citation
Toy, A., Lau, D., Hay, D. and Gunasekara, G. (2019), "The views of privacy auditors regarding standards and methodologies", Meditari Accountancy Research, Vol. 27 No. 3, pp. 366-398. https://doi.org/10.1108/MEDAR-07-2018-0367
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited