Employee information: Where is the information stored in regards to health, financial, employment, and personal information, how is it controlled and who has access to it? Steps need to be taken to protect this information.
Financial information: If the company accepts online payments are credit card details stored. Companies that work face to face with their customers should be aware of what information they do collect and how they use it. What measures are taken to safeguard that information and eventually destroy it, for example, are paper records shredded?
Include a statement to which that information will not be used according to law. A company should understand what needs to be done when creating its policy and its boundaries within the EU and if trading outside the EU say, North America, what are those laws in regards to privacy so there are no ambiguities left for interpretation.
If your website collects any kind of data from users, then a business is well advised to have privacy policies in place. Why? Because by having privacy policies in place you are protecting yourself against anyone objecting to your use of the information they enter into your website.
You may believe that because your website is hosted in a place where there are no privacy laws that you don’t need a policy; that you can’t be held legally responsible for the information, but the law doesn’t work that way. In fact it is the location where the user lives that makes the difference; if you have not made clear how you will be using someone’s data, and they choose to pursue it legally, then you could be liable.
You might think that it is unlikely that anyone would take action against your website, but as putting privacy policies in place is so simple it really is worth the effort. This applies even if the only information you collect is comments on a blog. A policy only needs to be a page that explains what information you collect from users, what you will do with it, how you will notify them of any change to the privacy policies and your contact details for any questions. Although it’s a simple document to draw up, it’s well worth getting professional help to ensure that you are properly legally covered.
If you run any third party web applications like Google Adsense then you may need to incorporate some of their privacy requirements into your own policy. Also note that if your website is used by anyone under the age of 13 there are specific requirements for dealing with information collected from minors.
Once you’ve got a policy you need to make sure that you stick to it and that if anything changes you update the policy as soon as possible.
In extreme circumstances the individual can be sued for failure to safeguard information obtained from a client.
Anyone who is worried due to uncertainty about whether they could get into trouble is advised to seek legal advice. The most obvious way of doing this is to contact a lawyer. Alternatively (to save on money) you can research this legal area online. In the meantime such a person should write out a policy statement on their website.
First of all, the policy is there to protect your personal information. Details like what your name is, where you work, where you live, etc, are very tempting to people who do identity theft. Online identity theft is common for those who do not know how to protect their identity.
The policy helps to protect your password from hackers who might use your online account for unsavory purposes. Once they have your bank details, passwords, and personal information, they can order things on your behalf. They can use your information in illegal schemes and pretty much do anything online that is illegal and not authorized by you.