“I think privacy is one of the top issues of the 21st century. And I think we are in a crisis.”
I, personally, believe data privacy IS the top issue and this crisis should be on the lists of internal auditors everywhere.
(Especially with the recently exposed additional Facebook data failure – the discovery that critical personal information of 500 million+ Facebook users is still floating around in the virtual world – – – like we even should have needed another push!)
Let me explain why auditors should be paying attention, using more quotes from Cook in a recent (and excellent) podcast:
“If a business is built on misleading users on data exploitation, on choices that are no choices at all, then it does not deserve our praise. It deserves reform.”
Internal auditors, are you seriously engaged in the data privacy issue at your organization? Is data privacy the number one priority to your management or are they in need of reform? Is data privacy the number one priority within your audit plan? Or is your plan in need of reform? And what about your board? Are they asking about privacy and are you presenting information regarding privacy timely, effectively, and often enough? Or is that process in need of a reform as well?
“The individual should own their data. And they should own the ability to say who gets it and what of their data they get and what they use it for. And frankly, that’s not the situation of today.”
Internal auditors, what is the policy at YOUR organization around privacy? Simply put, this is a policy, as stated by Cook above, that organization’s need to embrace. And you can assist by ensuring the policy is prioritized, adopted, communicated, and enforced. It’s time to put on your consulting hat and go to work. (Remember, the definition of Internal Auditing includes assurance and consulting…)
“… data minimization, getting as little as you need, making sure you need what you’re getting, and challenging yourself to get less and less and less, and then security is the underpinning of privacy.”
I won’t harp on this one too much again, but this is clearly another policy issue that internal audit could help drive, monitor, and control. It is time for organizations to become lean when it comes to personal information retention. What can you do to help them focus on this (fantastic) idea of data minimization?
“I thought companies would regulate themselves and sort of get better. I no longer believe that.”
Internal auditors, here’s the good news: This is NOT going to happen without someone to push them in the right direction. We can play a critical role in getting privacy issues under control! This is an opportunity of a lifetime to get in front (remember, my stance is PROACTIVE, not Reactive) of an issue or crisis.
Here’s the bottom line:
If Internal auditors want to contribute in the 21st century, they can start by helping their organizations embrace Cook’s concept that privacy is a basic human right. If you view data privacy in that way, I guarantee both you, and your organization, will do things differently.
And seriously, listen to the podcast or read the transcript of the interview with Tim Cook. Even the title is great:
“Apple’s C.E.O. Is Making Very Different Choices From Mark Zuckerberg”
The many CHOICES he outlines are a game changer regarding the way we look at privacy. And you guys know how I love to talk about OUR CHOICES… 😉
**************
Need CPE in Auditing, Personal Development (CHOICES!), or Ethics? Book your virtual (or in-person!) training with Jo today! Email Jo@AuditConsultingEducation.com.
Amanda “Jo” Erven, CPA, CIA, CFE, is the President and Founder of Audit. Consulting. Education. LLC. After a successful career in external/internal audit and accounting, Jo is now an active Internal Audit Strategist, Management Consultant, Higher Education Professor, Author, and Trainer/Speaker, providing Continuing Professional Education (CPE) hours, live and virtually, to organizations across the globe. Jo’s motto says the most about her personal and professional outlook: “Good things come to those who wait… but don’t. You deserve better than good.” Every one of her books and presentations focuses on that proactive stance, and how we can immediately connect our actions to our values.