Measuring a privacy program

Assessing your organization’s privacy policy against established benchmarks in the Privacy Maturity Model (PMM) will identify successes and room for improvement, as well as next steps.

Establishing an effective privacy program for an organization is only one part of the puzzle; assessing its strengths and weaknesses requires measurement against existing standards.

How can the PMM help you measure your program?

The PMM is used to measure an organization’s privacy program against a recognized maturity model. Considered a useful tool for management, consultants and auditors to measure progress against established benchmarks, it identifies next steps to move a program forward.

Each of the 73 GAPP criteria is broken down according to five maturity levels, providing the organization with a picture of its existing policy and initiatives:

  • ad hoc
  • repeatable
  • defined
  • managed
  • optimized

The PMM recognizes that each organization’s privacy practices may be at a different level and will not all share the same requirements. It also recognizes that not all initiatives need to reach the highest level on the maturity model.