Tuesday, March 9, 2010

Your Policies, Follow-up

There is a great post at Security Catalyst on why you need a privacy policy. It covers a lot of territory and complements my previous posts (part 1, part 2, and part 3).

Here's the rationale/reasoning...

So to summarize, here are the 7 reasons you need a privacy policy:

  1. If you have customers or employees, you need to safeguard personal information.
  2. Laws do not usually establish Privacy Practices. Privacy Policies create Privacy Practices.
  3. Privacy Policies are often required by law or regulation.
  4. Your business faces privacy challenges which nobody else faces.
  5. Cloud Computing, Social Media, Goods and Services, Employer, and other activities pose unique challenges to handling personal information.
  6. You must comply with specific regulations if you have customers or employees in specific states or the EU, or if your servers (or the servers of a subcontractor) reside in the EU.
  7. Your company has affirmative privacy obligations with respect to minors under 13 years old.

Perhaps my favorite part is describing policies not as a "necessary evil," but just "necessary." Have a read, then take a look at how your institution is handling access to social media, iPhones, and all other forms of information including (ahem...) payments.
