Our Privacy Audit Work Program is a detailed guide designed to assist organizations in conducting thorough privacy audits. It comprises two sample work programs with specific audit procedures and considerations. Sample 1 focuses on pre-fieldwork preparations, including verifying data handling practices, reviewing pertinent policies, and obtaining organizational charts. It also details the steps for engaging management and staff to ensure the relevance and practicality of privacy policies.

Sample 2 shifts focus to the project team's roles and the timing of various audit phases such as planning, fieldwork and report issuance. It elaborates on audit objectives that aim to solidify management's commitment to privacy controls, ensure proper system testing before implementation, and maintain adherence to established privacy policies and procedures. Each sample includes a series of project work steps that guide the auditor through managing and accessing risks associated with data collection, usage, sharing and disposal, emphasizing the importance of encryption, secure data transfer and compliance with applicable privacy laws.

Audit steps include:

• Obtain existing policies and guidelines related to privacy controls.
• Determine whether company employees should acknowledge their understanding of privacy control-related policies and guidelines.
• Discuss the types of data collected and the need to collect such information.
• Establish that backout procedures are developed for emergency changes.