Monday, January 30, 2017

Does Your Company have a Privacy Policy? Why You Need One Now!

Created by Kimberly Kline, API

Having a Privacy Policy for your business is a great way to let your Employees and Customers know that you take their security seriously. It is a crucial step in ensuring their PII (Personally Identifiable Information) is handled safely and thoughtfully.

Your Privacy Policy, or Privacy Statement, should have two versions: one that will appear on your website and one for the Owners, Managers, and Employees of your company.

The “public” online version should include the purpose and an overview of your policy.  It should also cover the key elements within your policy.

The purpose section is where you share why you have created a Privacy Policy.  Explaining that you recognize the need to maintain the confidentiality of personal information and that you are dedicated to the protection of it throughout your company is key.

Your online version will include an outline of your policy’s key elements.  It should explain what type of information is considered PII, how you retain that information within your company, and the training you give your employees and contractors in the safe handling of PII.

It should also share how PII is transmitted to your employees / contractors, your adherence to all regulatory requirements concerning PII, and your dedication to the confidentiality of this information.  Including your commitment to discipline, re-train, suspend, and/or terminate anyone violating your Privacy Policy is also important.



While that covers the public version of your Privacy Policy, it is also important that you have a more comprehensive, internal version, for your employees and contractors.


Your in-house Privacy Policy will include all the key elements of your public policy, in addition to more detailed information that is specific to you and your company.

To make it truly informative, this internal policy statement should start by including specific examples of PII.  This will help your new and existing employees recognize exactly what they should look for and safeguard.

Under your Retention section, it is important you detail how long your company retains PII and your procedures for its disposal.

Addressing employee and contractor training is also important. Reinforcing your dedication to safeguarding PII, when and how you initiate the training, and emphasizing mandatory compliance should be your focus.  In addition, you should explain your commitment to ongoing observation and internal audits for potential violations.

It would also be wise to include the “minimum necessary” and “need to know” principles in your Privacy Policy.  Making sure to limit access to PII to only those employees and contractors that absolutely require it to do their jobs is the best practice.

Your internal Privacy Policy should also be more detailed when it comes to addressing data on portable devices and off-site access. Requiring anyone with access to PII to use only assigned, approved devices makes sense.

When it comes to regulatory requirements concerning PII, you need to state in your policy your commitment to complying with existing laws and staying abreast of any changes to those laws. Assigning this specific duty to one or two designated employees helps.

Finally, your detailed in-house Privacy Policy must outline what will happen in the event there is a violation or breach in your PII protocol.  Be sure to completely explain the penalties for a first or subsequent offense so your employees and contractors understand the consequences of not following PII policy. 


Taking a conscientious approach when it comes to recognizing what data is considered PII, training employees in how to handle it properly, and creating a sound Privacy Policy makes sense.

It shows your customers and clients your commitment to keeping their personal information safe... and that is good for you and your company!

To find out more about what is considered PII and how you can train your employees and contractors to safeguard it properly, check out my article, “Tips to Help You Safeguard PII in Your Small Business”!




2 comments:

  1. I always thought privacy policies were just for huge multi-national companies. I need to re-think this.

    1. I believe that many people think this, Anne! It really is important for all businesses to address the issue of securing private information, even the smallest of companies! Thanks for taking the time to leave a comment!
