Saturday, November 12, 2011


By John Kyriazoglou* (author’s credentials at the end of this document)

The primary objective of this Privacy of Information Policy is to provide general guidelines for the privacy issues of information activities (collection, use, disclosure, monitoring, etc.) of an organization. This example may be used for educational purposes only, and it should be amended to suit the particular organization’s legal and regulatory requirements and operating conditions before it is put to effective use and implemented in a real environment. The author assumes no responsibility whatsoever for the contents, suitability and accuracy of this policy.
An example of such a policy is described next.      

  Company ‘XYZ-Fictitious Enterprise Corporation’ Privacy of Information Policy 

1. Purpose of this policy
This policy explains how ‘XYZ-Fictitious Enterprise Corporation’ (hereby termed the company) may collect information about customers and use it in order to satisfy particular customer and regulatory requirements. It also outlines some of the security measures that the company is taking in order to protect data privacy and provide certain assurances on things that the company will not do.

2. Commitment
The Company considers the protection of the privacy of customer data to be of utmost importance and is committed to providing all customers with a personalized service that meets the requirements of the specific customers in a way that safeguards their privacy.

3. Opportunity to decline
When the company obtains personal information from you, or when you take a new service from the company, we will give you the opportunity to indicate if you do or do not (as applicable) wish to receive information from the company about other services or products.
Normally this will be done by way of a tick box on an application form or contract. You may revise the choice that you have made at any time by writing to the company informing us of the change.

4. Personal information collection
Some of the personal information the company holds about you may be sensitive personal data within the meaning of the Data Protection Act and other relevant laws. The company may collect personal information about you from a number of sources, including: (a) from you when you agree to take a service from us in which case this may include your personal and/or business contact details, (b) from you when you contact the company with an enquiry or in response to a communication from the company, in which case this may tell us something about your preferences, and (c) from publicly available sources.

5. Use of information
Information you provide to the company or the company holds about you may be used by the company to: (a) identify you when you make enquiries, (b) help administer, and contact you about improved administration of, any accounts, services and products provided by the company previously, now or in the future, (c) carry out marketing analysis and customer profiling and create statistical and testing information, (d) help the company to prevent and detect fraud or loss, and (e) contact you by any means (including mail, email, telephone, etc.) about other services and products offered by the company, and authorized selected partners.

6. Credit reference checks
The company, in some circumstances, may do certain credit checks with licensed credit reference agencies when you apply to take a service or product. If this is applicable, then it will be stated in the terms and conditions of doing business between you and the company.

7. Disclosure of information
The company may disclose information only where legitimately requested for legal or regulatory purposes, as part of legal proceedings or prospective legal proceedings.

8. Protection of information
The company maintains strict security measures and controls in order to protect personal information. This includes following certain administrative and security policies, procedures, and practices to check your identity when you telephone us, encrypting data on our websites, backing up data to offsite locations, etc., in order to ensure compliance with all applicable legal requirements.

9. Internet access
If you communicate with the company via the Internet, then we may occasionally use e-mail to contact you about our services and products. Please be aware that communications over the Internet, such as e-mails, are not secure unless they have been encrypted. The company cannot accept responsibility for any unauthorized access or loss of personal information that is beyond the company’s control. We may use "cookies" to monitor website user traffic patterns and site usage. You can normally alter the settings of your browser to prevent acceptance of cookies. However, rejecting cookies may affect your ability to use some of the products and/or services at the company’s website.

10. Monitoring of communications
All Company communications with you (including phone conversations, emails, etc.) may be monitored and recorded by the company for security, quality assurance, legal, regulatory and training purposes.

 *Author’s Credentials
John Kyriazoglou, CICA, M.S., B.A(Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by, and co-author of the book ‘CORPORATE CONTROLS’ (to be published in 2/2012 by, with Dr. F. Nasuti and Dr. C. Kyriazoglou.

