Data Privacy

One Corporate Privacy Policy Does Not Fit All

We all agree that protecting personal data is imperative. The information that agencies, insurers, and retail businesses collect is the same data that identity thieves want so they can take over our accounts.

Not surprisingly, legislatures in all 50 states and worldwide have enacted privacy regulations to protect data that consumers legitimately provide in the course of doing business. Which regulations apply depends on where a company does business and where it collects data from. For a national company with web visitors from Europe, the number of regulations can be overwhelming. Industry groups and corporate legal counsel are the definitive sources for understanding the requirements specific to your business.

Your Company’s Privacy Policy – Where to Begin
Your company’s public privacy policy is the record of how you agree to protect the information you gather and what legitimate uses are intended for that data. Addressing the topics of the most restrictive laws is a good start. Like any externally published policy, this should have executive buy-in and approval by corporate legal counsel. Commonly, this policy document is linked from the main website and from any pages that collect data, and those pages include a check box attesting that the visitor has read and agrees to the linked privacy policy before data is submitted.

Resources & Tools for Managing Privacy Risk
The National Institute of Standards and Technology (NIST) has a Privacy Framework and NIST Special Publication 800-122 on protecting Personally Identifiable Information (PII). The Privacy Framework shows how detailed a program can be and the effort involved across the business.

NIST Privacy Framework

NIST SP 800-122


Richard Wolford
Software Engineer


PA Cybersecurity Resource Center
The PA Cybersecurity Resource Center is financed by a grant from the Commonwealth of Pennsylvania, Department of Community and Economic Development.

Common Corporate Privacy Policy Topics Include:
  • Company name, affiliates and partners
  • Business purpose
  • What data is collected and under what authority the collection is made
  • What the data is used for
  • If data is shared within internal business units and for what purposes
  • If data is shared with affiliates or partners and for what purposes
  • If data is shared, rented, or sold to external parties
  • How data is protected
  • How long data is retained and how it is disposed of when no longer needed
  • If an individual can review or edit data about themselves
  • If an individual can request data not be shared
  • If an individual can ask to be deleted from any or all records
Copyright © 2024 Concurrent Technologies Corporation. All rights reserved.