A privacy policy is a set of internal standards, policies and procedures that ensure your organization collects, uses, discloses, stores and destroys personal information appropriately.
A thorough privacy audit and self-assessment will help you determine the scope of the privacy policy you need to develop. Before continuing, discuss your privacy expectations and concerns with your organization’s employees and customers for additional feedback. You may also find that a related industry body has already considered many of the privacy compliance issues you’ve identified in your organization.
Once you’ve analyzed your organizations current state, you’re ready to develop your privacy policy, including your privacy complaints process.
A good privacy policy will suit your business and comply with the ten principles of privacy protection and the Personal Information Protection Act. However, the processes and procedures will vary depending on your organization and why you collect, use or disclose personal information.
The Personal Information Protection Policy Template (MS Word) offers a useful starting place for most organizations. Adjust the document to fit your organization by completing the highlighted areas.
Your privacy policy must include a privacy complaint process that is accessible and easy to understand. You must document this process and share it with both employees and customers.
The Office of the Information and Privacy Commissioner offers a number of tools and resources for private organizations.