A privacy audit is designed to examine how an organization, such as a government agency, manages the personal information it collects. While a PIA is performed before a system is launched, privacy audits are conducted periodically on systems that are operational. The goal of an audit is to identify any deficiencies that need to be corrected.
For example, in 1999, Australia’s Office of Federal Privacy Commissioner (“OFPC”) conducted a pilot audit of government websites to assess whether they complied with the country’s information privacy principles. The OFPC conducted a more formal audit of compliance in 2000, and the results were presented to the various agencies. In May 2001, the OFPC initiated a follow-up audit of government websites to assess progress with compliance.
Privacy Compliance Audit: Commonwealth Government Web Sites 2001 (August 2001). The audit helped bring pressure on the agencies to conform to applicable government privacy standards.
Privacy Audits - Resources:
Australian government, “The Privacy Audit Process.”
Victoria (Australia) Privacy Commissioner, “Privacy Audit Manual” prepared by the and
Australian national privacy commissioner, “Privacy Audit Manual.”
Harvard Law School (US), “Privacy audit checklist.”