Will Public Release of Privacy Audits Be the Wave of the Future?
It’s pretty rare for a company to issue a press release after its privacy practices have been independently audited. Perhaps some have—and readers, please let me know—but companies generally don’t do such things.
That is, until this week.
The Associated Press reported the following:
“Facebook provided a copy of its letter to the FTC, along with a redacted copy of the auditor’s letter, to The Associated Press on Wednesday. The redacted portion contains trade secret information and does not alter the auditor’s findings, the company said. The audit, which found that Facebook’s privacy program met or exceeded requirements under the FTC’s order, covered written policies as well as samples of its data.”
Facebook, based on its settlement with the FTC, is “required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.”
This seems to be a good move for the social media giant because they essentially kill two birds with one stone: 1) they’re doing their due diligence and complying with FTC orders, and 2) they're getting good press. “Hey, everyone, our privacy practices are up-to-par!”
Facebook Chief Privacy Officer of Policy Erin Egan put it like this:
“We’re encouraged by this confirmation that the controls set out in our privacy program are working as intended…This assessment has also helped us identify areas to work on as Facebook continues to evolve as a company, and improve upon the privacy protections we already have in place. We will keep working to meet the changing and evolving needs of our users and to put user privacy and security at the center of everything we do."
Could this be the tip of the iceberg? Could it be an indicator of the future?
Publicly-traded companies undergo independent, quarterly reviews of their earnings. Could we start seeing a similar trend for privacy audits?
If so, a company’s focus on privacy will certainly be enhanced.
About the Author
As editor of the Privacy Perspectives, Jedidiah Bracy moderates the many views, angles and, well, perspectives that inform information privacy and all its adjacent professions.
In addition to editing the Privacy Perspectives, Bracy facilitates the vetting, writing, editing and curation for the Daily Dashboard, the IAPP Canada Dashboard Digest, the IAPP Europe Data Protection Digest and the IAPP ANZ Dashboard Digest. He writes feature articles for The Privacy Advisor on information privacy law, data protection and the privacy profession.
When not mulling over the current state of information privacy in the digital age, Bracy enjoys watching international soccer, listening to his music library and tasting a finely wrought craft beer. You can follow him @jedbracy