AuditNet^® Audit-library::Auditors-guide-to-privacy-resources

In the not too distant past, many organizations viewed the data that they kept on individuals as business property, to be used as the organization determined appropriate. Today, many of the world’s leading markets have adopted regulations that restrict how and when organizations may use those data, and afford the subject individuals rights to access and correct those data. Nations have even adopted regulations that impact how an organization may use such data outside of that nation. Consumer awareness of privacy matters has also risen, creating marketing risks to organizations that are not concerned with data privacy.

From A Guide to Cross-Border Privacy Impact Assessment by Thomas J. Karol

Auditors have a role in privacy issues by understanding the implications as well as building privacy considerations in their audits. This purpose of this page is to provide auditors with links to privacy information. It should by no means be considered comprehensive. If you have links or information that you would like to share, please contact us.

• Conducting a Privacy Audit from the Government of Alberta

Health Insurance Portability and Accountability Act (HIPAA)

• Federal Rules for HIPAA
• HIPAA - Privacy And Security Audit For Provider Practices
• HIPAA Privacy Audit Program

Gramm-Leach-Bliley Act (GLBA)

• GLBA Federal Trade Commission rules
• GLBA Audit Program

Fair Credit Reporting Act (FCRA)

• FCRA  Federal Trade Commission rules

Children's Online Privacy Protection Act (COPPA)

• COPPA Rules Federal Trade Commission rules

Family Education Rights and Privacy Act (FERPA)

• FERPA Rules Department of Education Rules

PRIVACY PROFESSIONAL ASSOCIATIONS

• International Association of Privacy Professionals

• International Information Systems Security Certification Consortium