Privacy auditing is performed by a range of professionals, including those within the disciplines of accounting/auditing and law. However, the range of services that may be called privacy audits is broad, and different organisations are approaching privacy audits in different ways. It is not possible to identify a set of standards for a privacy audit that the majority of privacy auditors would agree upon. This paper suggests that accountants and lawyers may reach agreement on a common theoretical basis and that this could produce standards for privacy audits that are capable of providing assurance to organisations that operate internationally, and to consumers in different countries.
Critical Theory provides a lens through which the practice of privacy auditing may be viewed. This allows for a study of privacy auditing that emphasises areas in which the practice may have room for improvement. It is suggested that privacy audits may be improved by the use of standards that come closer to harmonisation. This would provide the additional benefit of updating the standards to more modern criteria than are currently contained within the national information privacy laws.
Senior Lecturer in Commercial Law, The University of Auckland Business School.
© 2012 Journal of Law, Information & Science and Faculty of Law, University of Tasmania.