With the release of Google’s new privacy policy and all of the issues being raised around it, it is a good time to think about our own privacy policies. This includes an external privacy policy, such as how we will and will not use visitor data gathered from a web site. It is also a good idea to address internal privacy policies (i.e. how employees handle company information).
External privacy policies are typically pretty straightforward. How are you going to use visitor data? How are you going to protect it? How will it not be used? You want to keep as much of your rights to use their data to your benefit without putting off visitors. Examples of privacy policies are available on most web sites you visit as well as sites that help you generate privacy policies.
Internal privacy policies are less straightforward, but very important to implement. Without one, employees can do random things online that put your company in jeopardy – from sharing proprietary information to bad mouthing customers.
Some of the questions you want to consider are:
1. What kinds of sensitive information should employees never share?
2. Are there other types of information they need to be careful about sharing?
3. Who can represent the company online?
4. How are employee records, such as personal information, medical history, etc. handled?
5. Are there any restrictions around email and Internet usage?
6. Who is responsible for internal systems and access, such permissions, and access to files?
7. Are there any established laws and regulations we need to follow?
8. What are the consequences for violating the policy?
CIO Services can help you create an effective Privacy Policy
Because of the importance of such policies, and the many issues that surround them, it can be valuable to use an outside resource to help you structure and create your internal privacy policy. Skyriver IT’s CIO Services help you understand how the strategic and people issues are affected by a privacy policy.
