A privacy program is a program at an institution such as a bank or university which sets privacy policy and communicates with customers about privacy issues. Privacy programs must conform both with the law surrounding privacy, and with the privacy aims of the parent organization. In some regions of the world, institutions are required to demonstrate that they have a privacy program and are implementing privacy policies which are intended to safeguard the data and privacy of their customers.
Staff members in a privacy program keep up with changes in privacy law to stay current and make sure their parent organizations stay current. They also periodically draft new privacy policy, including changes to old policies and entirely new policies. During the drafting phase, they confirm that the changes are legal and that they fit within the ethos of the organization. They must also consider issues like changing norms and trends within the industry so that their companies can stay competitive and current without compromising privacy rights.
New customers must be given information about the privacy program, and may be required to sign documents indicating that they were informed about their privacy rights and they understand them. Old customers are periodically sent privacy policy updates, some of which may require a response. It is advisable to keep all of this documentation on file so that it is available in the event that there is a problem or dispute. If the policy is confusing, it can be explained in plain language by a lawyer or privacy expert.
Under the privacy program, companies have a clearly stated privacy policy and customers have access to methods of redress if the policy is violated or if they believe that the policy may violate the law. The privacy policy includes contact information for the parent organization, opt-out clauses for information sharing, and general information about how personal data is collected, stored, and used. The privacy policy is a commitment to protecting privacy and the security of customer identities both by complying with the law and the company's own policies.
Companies with websites often have a separate area with their privacy program which contains privacy information and other useful references. People can also request that this information be mailed, emailed, or faxed to them for review. In addition, documentation about the privacy program is kept in physical facilities such as bank branches and people can walk in and request a copy of the latest privacy policy and associated information.