Send comments now to the AICPA on their Privacy Maturity Model

The PMM, based on Generally Accepted Privacy Principles (GAPP), outlines the expectations on each of the six levels of maturity in the Capability Maturity Model for each of the 73 criteria in GAPP. The PMM recognizes that an organization’s privacy practices may be at various levels or stages and that based on the organization’s privacy risk assessment, not all privacy initiatives need to reach the highest level. The PMM can serve as a valuable benchmarking tool and serve as a guide as to how practices in a certain area could be improved and strengthened.

Individuals and organizations are invited to submit comments on the PMM and attached user guide. Feel free to make comments directly on the draft documents by tracking changes and adding comments. To be considered, comments must be sent to nicholas.cheung@cica.ca by October 1, 2010.

The first set of questions I will raise with them (meeting this afternoon) are related to multi-tenant and multi-jurisdiction environments — cloudy privacy. The second question set is related to the optimized level. I have always found that organizations tend not to aim beyond a level three. Is five really meant to be practical or are four and five just holy grail stuff?