Writing an Official Privacy Policy

It may be appropriate for a business to have more than one privacy policy in writing; for example, there could be one privacy policy relating to records of customers and another relating to those of employees of the company. A company might even have a separate privacy policy to cover its website, laying out any privacy concerns specific to the Internet, such as the use of tracking cookies.
Customers and employees should be given the chance to read the relevant privacy policy when they hand over their details. This protects them from having their details used in a way they don’t agree with, since they have the chance to withhold their information if they disagree with the guidelines. It also protects the business against future accusations that it is using facts about people without their consent.
When asking customers for their details, it is common to allow them to opt out of having these used in certain ways, typically various forms of direct marketing. These decisions must be recorded and the subject’s wishes must be respected at all times.
A Clear Statement of Intent
A privacy policy should describe what information the business intends to collect about people, and how this will be used. It should describe how long the data will be retained for, and list the steps that will be taken to ensure that redundant items are removed and that the information is kept up to date.If there is the possibility that people’s records could be transferred to third parties (other than parties that have a legal right to ask for access, such as the police) then this must be specifically documented.
Clauses
If the organisation needs to do any of the following things, they should be explicitly mentioned in its official privacy policy:- drug and alcohol testing
- storing medical information
- searching employees of their possessions
Retention
It is useful to create clear guidelines for staff about the length of time for which personal files should be kept. The more specific the advice, the better. In this way, everyone involved in the collection, storage, modification and maintenance of personal data will understand what their obligations are.The Data Protection Act states that records should be kept for no longer than is necessary to achieve the purpose for which they were collected. A clear and coherent written strategy will help a business to comply with this aspect of the Act.
The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed and it places a range of new obligations on organisations to be more accountable for data protection.
Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.
Re: What to Do If Your Privacy is Invaded at Work
I have had an incident at work where a Rifle was pointed at me and it shook me up badly and was off sick for…
Re: Worker-Manager Confidentiality
I disclosed something incredibly private that happened to me at training to my manager as it was effecting my work. It was taken…
Re: What to Do If Your Privacy is Invaded at Work
I had a co worker make my life hell out of work. When I quit her son came to my house to beat me up. While…
Re: Worker-Manager Confidentiality
I have recently been diagnosed with infertility. My partner (we work at the same place) told his manager “off the record”, and…
Re: Privacy and Staff Appraisals
Can I request a copy of my appraisal while I am off work on sick leave? Does an employer refuse to provide me with my appraisal…
Re: What to Do If Your Privacy is Invaded at Work
What if your company is following disciplinary action against an employee over private messages using…
Re: What to Do If Your Privacy is Invaded at Work
Center Parcs have just sent to staff a file containing the personal details for ALL employees. The file…
Re: What to Do If Your Privacy is Invaded at Work
I have been of work for 6 weeks as my arm was broken and I have had a operation this was due to domestic…
Re: What to Do If Your Privacy is Invaded at Work
My assistant came to me in confidence to inform me that my Manager has been searching though my families…
Re: What to Do If Your Privacy is Invaded at Work
My address has been obtain from work and used to send a distressing Funky Pigeon card, can I log a grievance…