In the not too distant past, many organizations viewed the data that they kept on individuals as business property, to be used as the organization determined appropriate. Today, many of the world’s leading markets have adopted regulations that restrict how and when organizations may use those data, and afford the subject individuals rights to access and correct those data. Nations have even adopted regulations that impact how an organization may use such data outside of that nation. Consumer awareness of privacy matters has also risen, creating marketing risks to organizations that are not concerned with data privacy.
From A Guide to Cross-Border Privacy Impact Assessment by Thomas J. Karol
Auditors have a role in privacy issues, both by understanding the implications and by building privacy considerations into their audits. The purpose of this page is to provide auditors with links to privacy information. It should by no means be considered comprehensive. If you have links or information that you would like to share, please contact us.
- Conducting a Privacy Audit from the Government of Alberta
Health Insurance Portability and Accountability Act (HIPAA)
- Federal Rules for HIPAA
- HIPAA - Privacy And Security Audit For Provider Practices
- HIPAA Privacy Audit Program
Gramm-Leach-Bliley Act (GLBA)
Fair Credit Reporting Act (FCRA)
- FCRA Federal Trade Commission rules
Children's Online Privacy Protection Act (COPPA)
- COPPA Rules Federal Trade Commission rules
Family Educational Rights and Privacy Act (FERPA)
- FERPA Rules Department of Education Rules