This sample report focuses on the privacy compliance state at a financial institution. It addresses compliance with the Gramm-Leach-Bliley Act and uses a capability maturity continuum and gap analysis to illustrate the status of compliance. This tool provides direction for future privacy efforts, lists the steps taken to address identified risks, and compares them to best practices.
Sections in this report include an overview of work performed, current state of privacy compliance, progress toward compliance risks, best-practice gap analysis, steps taken to address identified risks compared to best practices, next steps toward best practices, and conclusions.
The following key observations were noted during the review:
- The process to ensure that the privacy statement is and remains accurate is inadequate.
- Control processes surrounding the release of customer information to other parties is lacking (e.g., using contracts, review processes and the employee manual).
- A formal process should be implemented to proactively manage, detect and control the impact of technology changes.