Having a Privacy Policy for your business is a great way to let your Employees and Customers know that you take their security seriously.
Creating a sound Privacy Policy is a crucial step in ensuring their PII (Personally Identifiable Information) is handled safely and thoughtfully.
Your Privacy Policy, or Privacy Statement, should have two versions. One that will appear on your website and one for the Owners, Managers, and Employees of your company.
The “public” online version should include the policy's purpose and an overview. It should also cover the key elements within your policy.
The purpose section is where you share why you have created a Privacy Policy. Explaining that you recognize the need to maintain the confidentiality of personal information and that you are dedicated to the protection of it throughout your company is vital.
Your online version will include an outline of your policy’s key elements. It should explain what type of information is considered PII, how you retain that information within your company, and the training you give your employees and contractors in the safe handling of PII.
It should also share how PII is transmitted to your employees and contractors who may have access to PII, your adherence to all regulatory requirements concerning PII, and your dedication to the confidentiality of this information. Including your commitment to discipline, re-train, suspend, and/or terminate anyone violating your Privacy Policy is also important.
Why Your Business Needs a Privacy Policy Now! “Tweet This”
While that covers the public version of your Privacy Policy, it is also important that you have a more comprehensive, internal version, for your employees and contractors.
Your in-house Privacy Policy will include all the key elements of your public policy, in addition to adding more detailed information that is specific to you and your company.
To make it truly informative, this internal policy statement should start by including specific examples of PII. This will help your new and existing employees recognize exactly what they should look for and safeguard.
Under your Retention section, it is important you detail how long your company retains PII information and your procedures for its disposal.
Addressing employee and contractor training is also important. Reinforcing your dedication to safeguarding PII, when and how you initiate the training, and emphasizing mandatory compliance should be your focus. In addition, you should explain your commitment to ongoing observation and internal audits for potential violations.
It would also be wise to include “minimum necessary” and “need to know” principles in your Privacy Policy. Making sure to limit access to PII to only those employees and contractors that absolutely require it to do their jobs is the best practice.
Your internal Privacy Policy should also be more detailed when it comes to addressing data on portable devices and off-site access. Requiring anyone with access to PII to use only assigned, approved devices makes sense.
When it comes to regulatory requirements concerning PII, you need to state in your policy your commitment to complying with existing laws and staying abreast of any changes to those laws. Assigning this specific duty to one or two designated employees helps.
Finally, your detailed in-house Privacy Policy must outline what will happen in the event there is a violation or breach in your PII protocol. Be sure to completely explain the penalties for a first or subsequent offense so your employees and contractors understand the consequences of not following PII policy.
Created by Kimberly Kline, API |
Taking a conscientious approach when it comes to recognizing what data is considered PII, training employees in how to handle it properly,
and creating a sound Privacy Policy makes sense.
It shows your customers and clients your commitment to keeping their personal information safe…..and that is good for you and your company!
Authored by
To find out more about what is considered PII and how you can train your employees and contractors to safeguard it properly, check out;
“Tips to Help You Safeguard PII in Your Small Business”!
“Tips to Help You Safeguard PII in Your Small Business”!
Need Help Starting or Growing Your Business? Contact Us! Our Services include Business Mentoring, Hiring and Job Search help, and Security for Your Company! Find out more About Us too!