Businesses often have several stakeholders to include customers, suppliers, shareholders, employees, and so on. These stakeholders place significant trust in sharing sensitive information with the company, often creating legal and ethical responsibilities to protect their private data. Having a published Privacy Act Policy can strengthen the trust and relationship between a company and its stakeholders by clearly disclosing how their information will be handled.
a) How private information is directly and indirectly collected
b) How this information will be used
c) In what circumstances information would be shared
d) How to access information collected (Example: FOIA)
e) How information will be secured
f) Notification and remediation procedures in the event of unauthorized disclosure