AuditNet Auditor's Guide to Privacy Resources
In the not too distant past, many organizations viewed the data that they kept on individuals as business property, to be used as the organization determined appropriate. Today, many of the world’s leading markets have adopted regulations that restrict how and when organizations may use those data, and afford the subject individuals rights to access and correct those data. Nations have even adopted regulations that impact how an organization may use such data outside of that nation. Consumer awareness of privacy matters has also risen, creating marketing risks to organizations that are not concerned with data privacy.
From A Guide to Cross-Border Privacy Impact Assessment by Thomas J. Karol
Auditors have a role in privacy issues by understanding the implications
as well as building privacy considerations in their audits. This purpose of
this page is to provide auditors with links to privacy information. It
should by no means be considered comprehensive. If you have links or
information that you would like to share, please
contact us.
- Privacy Audit Manual - Credit Information from the Australian Government Office of the Privacy Commissioner.
- eSac Privacy Practices - article in ITAudit.org
- Information Systems Audit & Information Privacy by Roger Clarke Australian National University
- Legal Considerations in Designing and Implementing Electronic Processes A Guide for Federal Agencies
- Privacy Audit Checklist
- Conducting a Privacy Audit from the Government of Alberta
- The Privacy Audit: A Primer by Pamela Jerskey
Health Insurance Portability and Accountability Act (HIPAA)
- Federal Rules for HIPAA
- HIPAA - Privacy And Security Audit For Provider Practices
- HIPAA Privacy Audit Program
Gramm-Leach-Bliley Act (GLBA)
- GLBA Federal Trade Commission rules
- GLBA Audit Program
Fair Credit Reporting Act (FCRA)
- FCRA Federal Trade Commission rules
Children's Online Privacy Protection Act (COPPA)
- COPPA Rules Federal Trade Commission rules
Family Education Rights and Privacy Act (FERPA)
- FERPA Rules Department of Education Rules
PRIVACY PROFESSIONAL ASSOCIATIONS