Actually, I was thinking about my home page on BOL!
I'm not sure if the document is worthy to post, as it's more of a privacy risk assessment workpaper type document, versus a matrix of risk assessment elements.
The FDIC was encouraging us, and other banks, to develop a series of Privacy Risk Assessment Items/Issues, assign a level of risk, document the controls (of cited risks) that are in place and document a testing/audit/other schedule to re-affirm risk control.
That's the document that is available from me if anyone is interested.