TY - JOUR
T1 - The views of privacy auditors regarding standards and methodologies
AU - Toy, Alan
AU - Lau, David
AU - Hay, David
AU - Gunasekara, Gehan
N1 - Funding Information:
The authors acknowledge financial support from the Grant Program for Promotion of International Joint Research provided by the International Office, Waseda University.
Publisher Copyright:
© 2019, Emerald Publishing Limited.
PY - 2019/6/11
Y1 - 2019/6/11
N2 - Purpose: This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders. Design/methodology/approach: Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis. Findings: The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties. Originality/value: Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.
AB - Purpose: This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders. Design/methodology/approach: Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis. Findings: The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties. Originality/value: Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.
KW - Auditing
KW - Privacy
KW - Privacy auditing
UR - http://www.scopus.com/inward/record.url?scp=85065019720&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85065019720&partnerID=8YFLogxK
U2 - 10.1108/MEDAR-07-2018-0367
DO - 10.1108/MEDAR-07-2018-0367
M3 - Article
AN - SCOPUS:85065019720
SN - 2049-372X
VL - 27
SP - 366
EP - 398
JO - Meditari Accountancy Research
JF - Meditari Accountancy Research
IS - 3
ER -