Data Privacy Audit/Assurance Program 

 



As corporations, governments, and non-profits identify and implement innovative ways to use data, their responsibilities for ensuring appropriate safeguards over the collection, storage, and purging of the data may be challenged. Additionally, as data is subject to emerging and changing regulatory requirements, those same challenges are heightened. The Data Privacy Audit/Assurance Program shares control objectives and controls in areas of data privacy beginning with data collection all the way through incident management.

Objective—Provide organizations with a means to assess the effectiveness of their practices around data governance for privacy, confidentiality, and compliance (DGPC) as well as alignment with external expectations.

The audit program covers the following areas. Included are examples of the topics addressed in each of the areas:

  • Privacy Management — Governance and privacy impact assessments
  • Data Management and Collection — Data use and retention; electronic and physical records management
  • Data Security — Access management to electronic data; data transfer
  • Third-Party Compliance and Contractual Agreements — Third-party interaction with data
  • Incident Management and Escalation — External party notification; cyber insurance