- The laws, regulations & standards that the organization is required to comply with. The policy has to ensure that the requirements of each applicable law/regulation are met. So when an organization has to comply with multiple laws, an ‘integrated’ minimum common base has to be developed first, and the actual policy is then developed on that base.
- The organization’s business context
- The organization’s infrastructure, people, processes, etc., so that the policy is compatible with the organizational context
No. Security and Privacy are very different from each other. Security is about safeguarding all information assets of an organization – including the personal information it handles. Privacy pertains only to Personal Information and goes far beyond safeguarding it. Privacy is about ensuring the organization gives individuals requisite rights over their Personal Information.
Therefore, the two policies need to be different from each other.
- Our domain expertise: We have been providing services in the Privacy domain for the last four years
- Our experience: We have developed privacy policies for both very large and very small organizations – so we understand the needs across the spectrum