Measuring a privacy program

Assessing your organization’s privacy policy against established benchmarks in the Privacy Maturity Model (PMM) will identify successes and room for improvement, as well as next steps.

Establishing an effective privacy program for an organization is only one part of the puzzle; assessing its strengths and weaknesses requires measurement against existing standards.

How can the PMM help you measure your program?

The PMM is used to measure an organization’s privacy program against a recognized maturity model. Considered a useful tool for management, consultants and auditors to measure progress against established benchmarks, it identifies next steps to move a program forward.

Each of the 73 GAPP criteria is broken down according to five maturity levels, providing the organization with a picture of its existing policy and initiatives:

  • ad hoc
  • repeatable
  • defined
  • managed
  • optimized

The PMM recognizes that each organization’s privacy practices may be at a different level and will not all share the same requirements. It also recognizes that not all initiatives need to reach the highest level on the maturity model.


Jointly presented by CPA Canada and CPA Ontario, The ONE is the must-attend, multi-track event of the year, designed for all CPAs who want to be at the top of their game.

Our Firm Directory allows you to search for Canadian CPA firms using our interactive map as well as other criteria.

You’re in the eye of the storm amid a swirl of slips, forms and receipts. Chart your way through tax-time turbulence with these updates and resources.