Creating or further developing a privacy program is no simple task, and successful and sustainable privacy programs are built on multiple foundational elements. This second article in a series on building an efficient global privacy program discusses those foundational elements, the gap analysis and ways to create an adaptable program with commentary from lead privacy officers at VMWare, Zillow, Yahoo, Toyota Financial Services, Johnson Controls and T‑Mobile. The first article addressed key features of a successful organizational structure, including where privacy sits; roles and responsibilities of the team; common reporting structures; and coordination with other business units. Subsequent installments will address implementation approaches, including use of frameworks and automation tools, and assessing, maintaining and updating the program. See “SEC Enforcement Action Illustrates Focus on Investment Adviser Obligation to Secure Client Information” (Jun. 23, 2016).