We have a client who requested to see our data protection policy... well we don't have one - is there anywhere online which sells a template so we can develop one soon... or does anyone have any idea what one needs to include - I never really thought a client would feel data protection is an issue, but we must address these issues as they appear.

Cheers,
Liam

What do you mean by Data Protection?

Personally I would assume they want to see your privacy policy, but you would be better to confirm with them first.

I understand... do you know anywhere with privacy policy templates?

I understand... do you know anywhere with privacy policy templates?

What country is your company operating from? It's not just a case of getting a template, you need to make sure you are abiding by your local privacy laws as well.

I would assume that the client wants to know that credit card numbers are stored encrypted; who in your business has access to encryption passphrases; are local backups physically secured; ...things like that.

This sounds like the type of question we sometimes get when a business magazine runs a story about online fraud and then has a sidebar that says "things you can do to protect your data". Inevitably, one of those things is "ask your host if about their data protection policy".

If this is the case here, your client may not know exactly what they're asking for. My reply would try to reassure your client that you take data protection seriously. Provide relevant sections from your privacy policy and other related info.

I understand... do you know anywhere with privacy policy templates?

Better Business Bureau Online has an awesome privacy policy template. It's really well written and clear, although a bit dated (it's about 5 years old I think) but it makes a great starting point.

Here are a few privacy policy templates that are decent:
http://www.siteprocentral.com/contracts/privacy_policy_sample.html

examples of real sites:
http://www.steves-templates.com/privacy.html
http://www.komen.org/intradoc-cgi/idc_cgi_isapi.dll?IdcService=SS_GET_PAGE&ssDocName=PrivacyPolicy
http://www.templatesbox.com/privacy.htm

have you thought about doing the p3p standard stuff if you do cookies? etc? Kinda on this topic...

I would assume that the client wants to know that credit card numbers are stored encrypted; who in your business has access to encryption passphrases; are local backups physically secured; ...things like that.

You could always modify the disclaimer issued by Visa, Mastercard, Amex, etc. when you became PCI compliant; but you would be better off contacting your lawyer and having the policy crafted to suit your business.

We have a client who requested to see our data protection policy... well we don't have one - is there anywhere online which sells a template so we can develop one soon... or does anyone have any idea what one needs to include - I never really thought a client would feel data protection is an issue, but we must address these issues as they appear.

Cheers,
Liam


Use one of the templates that bwb stated above then get an appropriate lawyer to go over it and refine it to your business.

Remember that they are templates NOT finished documents and you could inadvertently make matters worse by providing an inaccurate document than not one at all!

GL