Consortium outlines framework for privacy audits
THE PERSONALIZATION CONSORTIUM on Wednesday issued a set of privacy principles and a framework for developing guidelines to conduct independent, third-party privacy audits.
The Wakefield, Mass.-based organization's new auditing framework is designed to create an industrywide standard for testing businesses' actual privacy practices against the companies' own principles, according to a statement from the Personalization Consortium.
"The model will be analogous to how businesses today follow General Accepted Accounting Principles when reporting their financial statements, which are then subject to independent audit," said Don Peppers, co-chair of the consortium, in a statement.
Privacy principles include informing individuals of the types of information collected, used, or shared for marketing purposes. Information disclosed may include methods for collecting information, how long information is kept, and whether or not the information is combined with that from multiple sources.
The principles provide for insuring the security of individual consumer information. In addition, they call for providing consumers with the choice of opting out of having their information collected.
The audit framework requires members of the consortium to undergo an annual privacy audit to assure compliance with the principles. Initially, qualified auditors will be required to be CPAs or CAs.
The Personalization Consortium plans to release comprehensive audit guidelines in the spring.