External privacy policies are typically pretty straightforward. How are you going to use visitor data? How are you going to protect it? How will it not be used? You want to keep as much of your rights to use their data to your benefit without putting off visitors. Examples of privacy policies are available on most web sites you visit as well as sites that help you generate privacy policies.
Internal privacy policies are less straightforward, but very important to implement. Without one, employees can do random things online that put your company in jeopardy – from sharing proprietary information to bad mouthing customers.
Some of the questions you want to consider are:
1. What kinds of sensitive information should employees never share?
2. Are there other types of information they need to be careful about sharing?
3. Who can represent the company online?
4. How are employee records, such as personal information, medical history, etc. handled?
5. Are there any restrictions around email and Internet usage?
6. Who is responsible for internal systems and access, such permissions, and access to files?
7. Are there any established laws and regulations we need to follow?
8. What are the consequences for violating the policy?