Decoding lessons from the Facebook Consent Decree: Does Sarbanes–Oxley foreshadow the future of privacy regulation?

  • Original Article
International Journal of Disclosure and Governance

Abstract

This paper examines the utility of the Sarbanes–Oxley Act of 2002 to assist regulators engaged in privacy policy development. By exploring best practices employed by the financial reporting industry, and the specific terms of the Sarbanes–Oxley Act of 2002, the present research offers guidance for their incorporation into privacy regulation. The paper advocates that both the FTC/Facebook Court Order and the Sarbanes–Oxley Act of 2002 should now be considered de facto minimum standards for American privacy policy, including required CEO certifications of industry obligations; establishment and maintenance of effective internal controls; required CEO, CFO and CPO certification of control compliance; disgorgement of ill-gotten gains by organizations and executives; a requirement of independent third-party compliance review, as well as independence of audit committees and privacy compliance staff; and, finally, the establishment of, and compliance with, a regulatory oversight board similar to the PCAOB.

Acknowledgments

The authors would like to offer a special thanks to Professor Peter Swire for his input and thoughts.

Author information

Corresponding author

Correspondence to Mark A. McKnight.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

About this article

Cite this article

Ryle, P.M., Bueltel, B.L., McKnight, M.A. et al. Decoding lessons from the Facebook Consent Decree: Does Sarbanes–Oxley foreshadow the future of privacy regulation?. Int J Discl Gov 19, 1–10 (2022). https://doi.org/10.1057/s41310-021-00124-2

  • DOI: https://doi.org/10.1057/s41310-021-00124-2