Privacy management in online social networks (OSNs) is a major concern. However, the complexity of privacy policies and the plethora of privacy controls make it very difficult to assess whether the controls adequately implement the intended policies. This paper proposes a method to assess the degree of traceability between privacy policies and privacy controls in OSNs. The resulting analysis enables one to pinpoint key privacy management gaps that must be plugged. The method can be utilised by privacy watchdogs, user rights groups as well as OSNs themselves to assess the effectiveness of privacy measures.