privacy plan

A privacy plan is an organizational directive that outlines how the organization will protect the personal information of its customers and clients. A privacy plan tends to be an internal document, as opposed to a privacy policy, which is an outward-facing description of how an organization collects, processes and uses data.

In addition to dictating how an organization collects and dispenses with personal data, a privacy plan also spells out how the company complies with laws and regulations pertaining to information security. A good plan is a tool that allows members of the organization to understand how the company keeps information secure, who is responsible for managing it and what actions will be taken in the case of a system security breach. Privacy plans range widely and can be as short or as detailed, as preferred. Thorough outlines can include specific software, protocols and other relevant tools to be implemented to ensure data protection.

This was last updated in July 2013

Continue Reading About privacy plan

Dig Deeper on Risk management and governance