Topic: How to create a privacy policy that protects your company and your customers

Concerns about online privacy continue to escalate, as breaches and leaks of personal information grow increasingly common. Here are the key issues your privacy policy needs to address.

Under privacy law, a privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer’s or client’s data. Typically, companies share this customer/client data with their third-party business partners. By annually informing customers/clients via mailed notices of company privacy practices concerning the collection and the distribution of customer/client data that is under company management, companies fulfill a legal requirement to protect a customer’s or client’s privacy. For example, here is Google’s privacy policy.

On an ongoing basis, data stewards within the organization, principally IT, are responsible for keeping corporate data secure and private.

Collectively, information privacy policies are important to IT, compliance officers, and others in the business because if customers/clients inform the company that they do not want their personal information collected or shared, companies must abide by these decisions; data on these individuals can’t be sold or distributed to others.

In organizations where customer/client data is extremely sensitive, such as in insurance, financial services, and healthcare, workers must practice privacy protections so that information is not inadvertently shared.

How to use these policy guidelines
How you develop and maintain your privacy policy will vary depending upon your business, your customers, and the industry vertical you are in. The guidelines below are broken into general categories you should take into account in your due diligence as you build your privacy policy. Depending on your business application, the key points within each topic will have different degrees of importance for you. Focus on those guidelines that are directly relevant to your business model as you formulate a policy that meets your company’s circumstances, but be sure to review the other topics so you don’t overlook another relevant area.

Who should be involved
A privacy policy is an internal matter that concerns employee conduct with sensitive information, but it also has significant impact and ramifications for your outside stakeholders, whether they are your board of directors and investors, your third-party business partners, or your customers. Therefore, to thoroughly cover all areas of privacy, an interdisciplinary team should work together in policy development. This team should include:

• IT
• The data steward of corporate information
• Compliance
• The administrative arm of the company that ensures that the company is current and compliant with privacy regulatory guidelines
• Legal staff, which is current on legislated law and on recent privacy case law and should always provide input into and perform due diligence on privacy drafts or revisions before they are enacted
• Third-party business partners who might want to use your customer information for marketing or research but must understand the limits of the information you can give them
  Adjunct staff business functions/contractors who need to access sensitive information because it directly affects their ability to do their jobs (e.g., a ‘guest’ surgeon requires access to a patient’s medical history in preparing for a delicate operation).

Topic Discussed: How to create a privacy policy that protects your company and your customers

Read Original Article