The privacy response process should not end with the recording, tracking, and resolution of an issue. How will a company know whether it is getting better with regard to privacy relations? How can a company determine whether a particular product group is “getting” (or not) the message about how to mitigate privacy problems or whether a particular group should be charged for an inordinate number of issues?
No privacy response process is complete without a reporting mechanism. On at least a monthly basis, each PRC report should be examined. These reports should include the following details:
Type of customers submitting issues
Enterprise, including industry
Total issues by category
By type of privacy ...