Principals for Defining Privacy Policy


Companies wishing to enact an internal privacy policy or code should consider as a starting point the three concepts that help define information privacy: data collection, data accuracy, and data confidentiality.

Data Collection: the following principles should be adhered to:

  • Data should be collected on individuals only to accomplish a legitimate business objective.
  • Data should be adequate, relevant, and not excessive in relation to the business objective.
  • Data should be obtained in a lawful manner.
  • Individuals must give their consent before data pertaining to them can be gathered. Such consent may be implied from the individual’s actions (e.g., when they apply for credit, insurance, or employment).

Data accuracy: to ensure that misleading information will not be distributed, the following principles apply:

  • Sensitive data gathered on individuals should be verified before it is entered in database.
  • Data should be accurate and, when necessary, kept up to date.
  • The file should be made available so the individual can ensure that the data is correct.
  • If there is disagreement about the accuracy of the data, the individual’s version should be noted and included in any disclosures of the file.

Data Confidentiality: the privacy policy should ensure confidentiality as follows:

  • Computer security procedures should be implemented to provide reasonable assurance against the unauthorized disclosure of data. These procedures should include physical, technical, and administrative security measures.
  • Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law.
  • Disclosures of data, other than the most routine, should be noted and maintained for as long as the data is maintained.
  • Data should not be disclosed for reasons incompatible with the business objective for which it was collected.

My Consultancy–Asif J. Mir – Management Consultant–transforms organizations where people have the freedom to be creative, a place that brings out the best in everybody–an open, fair place where people have a sense that what they do matters. For details please visit www.asifjmir.com, and my Lectures.

Intranets


Not all Websites are available to anyone cruising the Net. Some are reserved for the private use of a single company’s employees and stakeholders. An intranet uses the same technologies as the Internet and the World Wide Web, but the information provided and the access allowed are restricted to the boundaries of a company-wide LAN or WAN. In some cases, suppliers, distribution partners, and key customers may also have access, but intranets are protected from unauthorized access through the Internet by a firewall, a special type of gateway that controls access to the local network. People on an intranet can get out to the Internet, but unauthorized people on the Internet cannot get in.

Possibly the biggest advantage of an intranet is that it eliminates the problem of employees’ using different types of computers within a company. On an Intranet, all information is available in a format compatible with Macintosh, PC, UNIX-based computers. The need to publish internal documents on paper is virtually eliminated because everyone can access the information electronically.

Besides saving paper, an intranet can save a company money in the form of employee hours. Employees can find information much faster and more easily by using a well-designed database on an intranet than by digging through a filing cabinet or card catalog. Some of the communication uses companies have for intranets include updating policy manuals, posting job openings and submitting job applications, accessing martketing and sales presentations from anywhere in the world, updating and managing employee benefits, accessing company records and databases, collaborating from anywhere in the  world to develop new products, scheduling meetings, setting up company phone directories, and publishing company newsletters. In fact, just about any information that can help employees communicate is a good candidate for an intranet. As video and audio technologies progress, you can expect to see more multimedia applications on intranets as well.

My Consultancy–Asif J. Mir – Management Consultant–transforms organizations where people have the freedom to be creative, a place that brings out the best in everybody–an open, fair place where people have a sense that what they do matters. For details please visit www.asifjmir.com, Lectures, Line of Sight