Why does your organization need a Privacy Policy?

Developing a privacy policy is the first step for an organization in its privacy journey. The policy becomes a ‘guiding document’ for the organization based on which the organization’s privacy program is designed, implemented and managed.

For many organizations, their customers, regulators, or other stakeholders require a privacy policy in place for doing business.

Does your organization need to be a ‘large one’ to bother about a privacy policy?

Definitely not. If your organization, however small, deals with Personal Information of any kind, you are required to ensure its privacy. This is required to be done under the laws of almost all countries in the world – even India! And since all organizations deal with personal information (at least of its employees, if not others), every organizations needs a privacy policy.

What are the factors to be considered while developing a privacy policy?

Typically, the factors that serve as inputs in designing a privacy policy are:

  • The laws, regulations & standards that the organization is required to comply with. The policy has to ensure that the requirements of each applicable law/ regulation are met. So when an organization has to comply with multiple laws, an ‘integrated’ minimum common base has to first be developed – based on which the actual policy is developed
  • The organization’s business context
  • The organization’s infrastructure, people, processes, etc – so that the policy is compatible with the organizational context

The ‘Privacy Policy’ that is typically published on a customer’s website is the same as the above?

No. While the term used there is also ‘privacy policy’, in reality that is what is typically referred to as a ‘privacy notice’ in the world of privacy. A policy is always internal to an organization. The notice is an external manifestation of the same and talks about the privacy related information and commitments of the organization to the individuals from which it collects personal information.

Can the privacy policy be a part of the organization’s security policy?

No. Security and Privacy are very different from each other. Security is about safeguarding all information assets of an organization – including the personal information it handles. Privacy pertains only to Personal Information and goes far beyond safeguarding it. Privacy is about ensuring the organization gives individuals requisite rights over their Personal Information.

Therefore, the two policies need to be different from each other.

Why engage with Arrka to develop your privacy policy?

  • Our domain expertise: We have been providing services in the Privacy domain for the last four years
  • Our experience: We have developed privacy policies for both very large and very small organizations – so we understand the needs across the spectrum
  • Our team: We have a team comprising domain experts, lawyers and technology specialists – all of whom are required to develop a comprehensive privacy policy.