Follow ACC Docket Online:  

This Week in Privacy: Adoption Policies for Privacy Programs

"This Week in Privacy” is a new column for in-house counsel who need advice in the privacy and cybersecurity sectors. K Royal is a director at TrustArc. To have your legal privacy questions answered, email k@heartofprivacy.com with “This Week in Privacy" in the subject line.

Q: It’s so easy to buy off-the-shelf policies. Is that the best option for developing and improving our privacy program?


A: Given that so many laws, rules, and regulations in the United States and elsewhere are specific on what you need to do, it is easy to buy policies off the shelf. However, that only gets you so far.

You need to revise them based on your culture. Evaluate how they fit in with any of your company’s current policies or activities, whether they are documented or not. And last, put them in practice and train your personnel. If something is written in policy and is not implemented and verified for compliance, then it would be better not to have policies that you violate from the time they are adopted.


The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.