The Data & Marketing Association has developed this checklist to assist marketers in developing a do-not-call policy for consumers. It was designed to be consistent with the DMA's Guidelines for Ethical Business Practice as well as with Federal and State Do-Not-Call laws.  Click To View (PDF) ... Read More

Executive Editor: Justin B. Weiss, CIPP/A, CIPP/E, CIPP/US, CIPM, FIPPurchase Digital Justin is the global head of data privacy for the Naspers Group of companies. He originated a practicum course on data processing agreements as faculty at the University of Maine School of Law’s 2018 Information Privacy Summer Institute and currently serves as the vice chairman on the board of directors of the International Association of Privacy Professionals. Members of the Privacy Bar Section of the Inte... Read More

White Fuse has created this data protection policy template as a foundation for smaller organizations to create a working data protection policy in accordance with the EU General Data Protection Regulation. This document offers the ability for organizations to customize the policy. Click to View (DOC) This additional template from IT Donut can be used by organizations creating a data protection policy that does not need to take into account the EU General Data Protection Regulation.  Click ... Read More

Hewlett Packard created this policy template outlining appropriate uses of the network, and indemnifying the organization for losses or damages relating to guest usage. Click To View ... Read More

The U.K. Bar Council created this guidance to help barristers and chambers establish good practices and policies for data retention under the EU General Data Protection Regulation. Read More

This employee fact sheet from Privacy Rights Clearinghouse outlines what employers are allowed to monitor. Read More

The Hong Kong Office of the Privacy Commissioner for Personal Data offers these guidelines on to provide guidance to employers on the steps they can take in assessing whether employee monitoring is appropriate for their business, and where it is deemed appropriate, how they can develop privacy compliant practices in the management of personal data obtained from employee monitoring. Click To View (PDF) ... Read More

The Society for Human Resources Management offers a modifiable word document format of polices relating to employees’ communications using company owned devices and networks. Click To Download (DOC) ... Read More

This sample policy addresses the use of employee-owned personal computing devices to access, with certain limitations, the Company’s computing systems. Read More

Google’s policy on how it handles applicant information outlines what types of information the policy covers, how the company can use it, who may access it and choices applicants have in the process, among other things. Read More

This document from the Office of Information & Privacy Commissioner for British Columbia is designed to help organizations develop a privacy policy. Privacy policies describe how an organization handles personal information in a manner that is compliant with PIPA. They are an important resource for staff to follow. Privacy policies can also let individuals know how an organization handles personal information and what rights they have to access to that information.  Click To View (PDF) ... Read More

This sample from HR Daily Advisor sets out rules for investigating the backgrounds and employment references of applicants. Click To View ... Read More

Last Updated: June 2015 This series presents nine elements of a successful vendor-management program and a checklist to help you, the privacy pro, to manage an effective program. Sometimes themes can help us remember information, so for that reason, we’ll use the solar system to guide us through this series: Picture your company as the star around which all vendors revolve—outer space was so much more appealing than an oceanic theme where sharks circle. Part 1: Mercury – Why Have a Vendor ... Read More

This web page from the U.S. Department of Health and Human Services includes definitions, sample business associate agreement provisions and other information to help covered entities and business associates more easily comply with the business associate contract requirements. Read More

This guide from the Singapore PDPC sets out sample clauses for obtaining an individual’s consent to collect, use or disclose his personal data for particular purposes, as well as for an individual to withdraw consent or otherwise indicate that he does not consent. Click To View (PDF) ... Read More