How private information is directly and indirectly collected?

Businesses often have several stakeholders to include customers, suppliers, shareholders, employees, and so on. These stakeholders place significant trust in sharing sensitive information with the company, often creating legal and ethical responsibilities to protect their private data. Having a published Privacy Act Policy can strengthen the trust and relationship between a company and its stakeholders by clearly disclosing how their information will be handled.

1) Use the Internet to find a Privacy Act Policy (PAP) template and complete for your company. If unemployed, consider privacy concerns of a multi-user home computer. Note: With numerous local, national, and international legal/ethical variables, there is no single Privacy Policy that fits every organization. This document should be tailored to establish ethical handling of private information stored and processed by your company.

2) Your Privacy Policy should include, at a minimum:
a) How private information is directly and indirectly collected
b) How this information will be used
c) In what circumstances information would be shared
d) How to access information collected (Example: FOIA)
e) How information will be secured
f) Notification and remediation procedures in the event of unauthorized disclosure