In a world of ever-changing technologies and rules governing these technologies, a privacy policy can never be "set it and forget it." Learn how and when to update your organization's privacy policy.
Ready to start your business? Plans start at $0 + filing fees.
updated September 1, 2023 · 3min read
You've done the hard work and implemented a privacy policy to guide and govern your organization through the thicket of laws, regulations, and expectations that have grown around the concept of data privacy. Your work, though, is not done. With new technologies, laws, and a constantly evolving competitive landscape, your privacy policy will need to be periodically updated, or at least, evaluated.
A privacy policy is an internal document that guides and governs an organization on the creation of processes to meet organizational privacy goals. It provides the basis for all of your organization's privacy-related guidelines and procedures, ranging from website terms and conditions to handling of any personally identifiable data.
It also provides a guideline for privacy notices, that is, any external communications to individuals, customers, or data subjects concerning your organization's privacy practices.
There are many circumstances that could trigger a need to examine whether your organization should change its privacy policy, including:
Much like the preferred method of implementing a privacy policy in the first place, you should consult with a team of stakeholders to form a cross-discipline privacy team in your organization. This team should be composed of representatives from any corporate department that handles personal data, as well as departments such as legal, HR, finance, communications, sales and marketing, and IT. Shaping a privacy policy can involve significant resources and expertise, and obtaining buy-in from your entire organization is crucial.
Once the new policy is in place, your employees who handle personal data should be trained—and reminded on a periodic basis—on how best to handle such data. These communications should take place across a spectrum of platforms, including email, posted notices, and even offbeat events such as a celebration of International Privacy Day (January 28) to remind employees of their roles in the protection of personal data. You can make it fun, yet always try to make it memorable.
And, finally, once an organization's privacy policy has changed, any documents—including privacy disclosures, contracts with vendors, and documented internal procedures—that are reliant on the old privacy policy should be examined to see whether they, too, need to be modified for compliance with the updated policy.
Modifying a privacy policy can be a daunting process, but help is available. Organizations such as the International Association of Privacy Professionals (IAPP) have resources to help guide you through to, if not the end, then the next time your organization's privacy policy needs to be examined and perhaps changed.
by Tim Peterson, Esq.
An attorney with over 20 years of experience working in a variety of law firm and in-house positions, Tim Peterson sp...
By knowing what other trademarks are out there, you will understand if there is room for the mark that you want to protect. It is better to find out early, so you can find a mark that will be easier to protect.
May 11, 2023 · 4min read
Want to talk to your parents or grandparents about estate planning, but feel like the topic is taboo? You're not alone. Discussions about estate planning are difficult for many families. Use our tips to broach the subject with sensitivity.
May 17, 2023 · 2min read
It's easy to create a new LLC by filing paperwork with the state. But to set yourself up for success, you'll also need to think about your business name, finances, an operating agreement, and licenses and permits. Here's a step-by-step guide.
September 5, 2023 · 13min read