A
policy that documents and governs an organization’s or entity’s handling
practices of personal information. A
Privacy Policy provides information regarding the organization, describes how
the organization collects, uses, retains and discloses personal information,
describes the data subjects rights, information regarding their website and
cookies or tracking devices, etc. An
internal privacy policy instructs employees on the collection and the use of
the data, specific rights they may have, their responsibilities in handling the
data, etc.
Related Articles
Record Retention Policy
Covers all aspects of a company’s policies and procedures in dealing with the storage and destruction of information records, both paper and electronic.
Privacy Assessment
An assessment of an organization’s compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity and other contracts. The assessment or audit measures how closely the ...
Privacy Notice
A statement made to a data subject that describes how the organization collects, uses, retains and discloses personal information. A privacy notice is sometimes referred to as a privacy statement, a fair processing statement or sometimes a privacy ...
Privacy by Design
The concept that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy from the outset. Originating in the mid-1990s by the Information and Privacy ...
Privacy (Data Protection) Officer
An official responsible for the coordination and implementation of all privacy, data protection and confidentiality efforts within an organisation. They are generally responsible to Data Protection Authorities (DPAs) or senior management for ensuring ...