IP addresses and personal information (was Re: [LINK] Fwd: On Line Opinion - 16 February 2007)

Ivan Trundle ivan at itrundle.com
Fri Feb 23 22:48:49 AEDT 2007


On 23/02/2007, at 9:11 PM, Jan Whitaker wrote:

> At 08:32 PM 23/02/2007, Ivan Trundle wrote:
>> company) to have an independent audit each year: paid for by the
>> company, but if standard audit procedures are followed, this should
>> not make any difference - and won't be worth the trouble for
>> PriceWaterhouseCoopers.
>
> I would expect them to get financial audits according to the act,  
> but a privacy policy audit? I doubt it!

No, audits can - and mostly do - cover a wide range of activities,  
and not just financial information.

I won't go into the details of the Corporations Act (by which most  
Australian businesses are governed), but I can assure you that audit  
powers go far beyond simple financial information. I have had direct  
experience of the scope of a PricewaterhouseCoopers (and apologies  
for the typo in the earlier reference to PWC) audit process for a  
number of years, and there is little that successive audits have not  
touched on in the business that I was involved with through all of  
that time: including privacy issues - especially privacy and data  
collection issues, in fact.

> That would have been some type of purchased legal opinion to cover  
> their backs in case this question came up, IMHO.

From a company perspective, sometimes, but rarely (and no business  
would be naïve enough to think that this would withstand normal  
scrutiny). It's all part of making an assessment of business risk and  
exposure.

Due diligence in these matters requires complying with the Act, and  
no auditor wishing to retain a reputation would allow directors of an  
audited company to dictate which aspects of the Corporations Act  
they could overlook or pay lip service to.

Incidentally, the Corporations Act is the largest corporate  
legislation in the world. It's several thousand pages long:  
http://www.comlaw.gov.au/ will give you many different file formats of  
the statute, if you really want it.

iT

ps. Try Stephen Woolley's background paper, 'Data security and  
privacy audits':  
http://www.pcpd.org.hk/english/infocentre/files/woolley-paper.doc








