Organizational Privacy Policies


Organizational Privacy Policies Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to organizational privacy policies.

Featured Resources

Privacy Risk Study 2023

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.

Setting data retention timelines

When setting retention timelines for your data, start with this plan: If you don’t need to have it, then delete it. However, figuring out the exact timelines you can adhere to is more complicated than you might have planned on. Privacy engineer Lea Kissner offers guidelines privacy professionals might find useful when setting data retention timelines.

Data Processing Agreements: Coordination, Drafting, and Negotiation

The commentary in this book should assist you in better understanding the contracting and third-party accountability aspects of your projects and provide you with tools for success.

Additional News and Resources

How to manage insider threats without violating privacy laws

The idea of an "insider threat" is becoming a key issue in companies' business risk management, and data privacy requirements have a significant impact on the mitigation measures companies can take against inadvertent and malicious threats. While organizations are fundamentally interested in mitigating insider threat-related risks to information security, IT and compliance professionals must be aware of competing legal requirements and compliance issues to be able to effectively mitigate those r...

Does the CCPA regulate internal transfers?

Getting ready for the California Consumer Privacy Act is a priority for most U.S. organizations in 2019. From reviewing vendor contracts to updating privacy policies and data maps, seasoned privacy professionals are familiar with this exercise, as they have significant muscle memory built in from past compliance heavy lifts, such as the EU General Data Protection Regulation. However, little attention has been placed on the effects of the CCPA on intragroup data transfers, and many assume the act...

How to draft a GDPR-compliant retention policy

Data minimization, storage limitation, records of processing activities and requirements for providing information and access to personal data under the EU General Data Protection Regulation all have one thing in common: You need to be able to clearly define the period for which personal data will be stored or, if not possible, criteria to determine that period. Most organizations implementing the GDPR consider retention policies or retention rules necessary to achieve this. At first it seems a...

Building a program? Better get your internal audit game right

It can be challenging for a business to correctly identify its unique privacy risks and the sufficiency of any safeguards in place to manage those risks. That’s where a well-developed internal-audit function is essential, writes Sara van Spronsen in this exclusive for The Privacy Advisor. “Without the independence, skills and expertise, and cross-border abilities of a well-developed internal audit function, an organization may find itself struggling to provide the necessary substance to back its...