This report provides findings from the data privacy maturity assessment at any given company. The assessment scope primarily focused on the activities managed by the company’s corporate data privacy committee. An emphasis was placed on U.S. operations, though meetings with key international stakeholders were also conducted to evaluate the existence of any significant maturity deviations and/or gaps.
Private data considered in-scope included employee personally identifiable information (PII). Customer PII was reviewed at a high level to understand the type of information that is collected and stored, though was not the emphasis of the assessment. The assessment activities focused on policies and procedures to gain an understanding of data privacy practices and related controls.