What is a digital policy?
A digital policy is the set of guidelines a company adopts for how it collects and processes information over the internet. It is the company’s rule book, describing what it will and won’t do in its online activity.
Who needs a digital policy?
Today, every business needs a digital policy because:
- Every business today has (or should have) an online presence.
- Every business collects, processes and stores information.
- Every business is subject to the privacy legislation of at least one country, and usually more.
- Privacy legislation is developing rapidly worldwide, and it is well-nigh impossible to keep up unless you have a full-time legal department qualified in many and varied jurisdictions. Most small and medium companies do not have access to this kind of legal support.
- Preparing a digital policy requires consideration of how your company wishes to address these issues. It expresses intent and shows a good-faith effort to respect privacy.
- A digital policy is one block in the wall of your defensible position.
The principles of a digital policy should be consistent with the principles of privacy by design, the GDPR and other relevant privacy legislation. In general, these guidelines should include collecting only the information required to perform the platform’s tasks, using it only as agreed with the data subject, and deleting it when requested or when it is no longer required. The digital policy will also cover where the data will be stored and how securely it will be kept, as well as cross-border transfers and the conditions under which employees will be allowed access. It should reference the key concepts of transparency, accountability, integrity, data minimization, user-centricity and more.
Why?
Having a digital presence is a risky business. Data breaches are common, privacy regulators are becoming more and more active, and mistakes are easy to make, hard to hide, and can lead to serious consequences. A digital policy helps to mitigate risk.
Who prepares a digital policy?
A digital policy is a co-creation of a Company’s privacy counsel, management and IT team. Privacy counsel will guide the process and help write the digital policy, such that it (i) reflects the Company’s business culture, beliefs, goals and objectives and (ii) addresses all applicable laws and regulations, both local and international.
According to Kristina Podnar, author of the book “Power of Digital Policy”, digital policies are the antidote to the things that can go wrong when organizations make up the rules as they go along. I couldn’t agree more.
A digital policy alone will not provide a defensible position, but together with a sincere effort to comply with the relevant legislation to which the company is subject from time to time, it will serve as a sturdy support in the event of a privacy-related challenge down the road.