Wednesday, March 16, 2011

AICPA/CICA Privacy Maturity Model

The AICPA/CICA Privacy Maturity Model (PMM) is based on Generally Accepted Privacy Principles (GAPP) and the Capability Maturity Model, which has been in use for almost 20 years. In developing the PMM, it was recognized that each organization’s personal information privacy practices may be at various levels, whether due to legislative requirements, corporate policies or the status of the organization’s privacy initiatives. It was also recognized that, based on an organization’s approach to risk, not all privacy initiatives would need to reach the highest level on the maturity model. Each of the 73 GAPP criteria is broken down according to the five maturity levels. This allows entities to obtain a picture of their privacy program or initiatives both in terms of their status and, through successive reviews, their progress. (For more information, visit the CICA Privacy Resource Centre online.)