Organizations establish and disclose privacy policies outlining their approach to handling PII. These usually entail:
- Statement of the organization’s commitment to privacy.
- The type of information the organization collects, such as names, addresses, credit card numbers, and phone numbers.
- Retaining and using e-mail correspondence.
- Information gathered through cookies and Web server logs and how that information is used.
- How information is shared with affiliates and strategic partners.
- Mechanisms to secure information transmissions, such as encryption and digital signatures.
- Mechanisms to protect PII stored by the organization.
- Procedures for review of the organization’s compliance with the privacy policy.
- Evaluation of information protection practices.
- Means for the user to access and correct PII held by the organization.
- Rules for disclosing PII to outside parties.
- Providing PII that is legally required.