IIA Releases Practice Guidance to Help Practitioners Tackle Privacy Issues
Protecting personal information is a formidable risk management issue for organizations.
The Institute of Internal Auditors has released a practice guide for practitioners to discuss privacy issues “in the world of global connectivity and information overload.”
“As consumers, we want personal information protected. As organizations we want to meet stakeholder expectations, keep contractual agreements, and comply with applicable laws and regulations,” the IIA stated.
Privacy is a global issue. Many countries have adopted legislation governing the use of personal information, as well as the export of information across borders. For businesses to operate effectively, they need to understand and comply with privacy laws.
Despite laws, media headlines have demonstrated the privacy and protection of personal information is not absolute. There are countless news stories about security breaches involving the loss or disclosure of personal information.
Stakeholders such as boards, audit committees or other oversight groups want assurance around the organization’s processes that protect private information. The Auditing Privacy Risks Practice Guide, which replaces GTAG 5: Managing and Auditing Privacy Risks, provides practitioners direction on meeting the complex expectations accompanying privacy issues.
IIA Practice Guides provide guidance for conducting internal audit activities. They represent strongly recommended guidance that includes detailed processes and procedures such as tools and techniques, programs, and step-by-step approaches for effective implementation of The IIA’s mandatory guidance.