====== 3.2.3 Policies and Procedures (P&P) ======

[[dido:public:ra:1.3_gov:1_legaldocs|return to Legal Documents]]

One of the [[dido:public:ra:1.3_gov:1_legaldocs |legal documents]] required for the formal incorporation of an ecosphere [[dido:public:ra:xapend:xapend.a_glossary:c:coi|community of interest (CoI)]] is the [[dido:public:ra:xapend:xapend.a_glossary:p:p_p]]. The P&P establishes a set of principles and policies that serve these principles, in order to achieve the CoI's long-term goals (i.e., the purpose as stated in its [[dido:public:ra:xapend:xapend.a_glossary:c:charter|charter]]). The P&P defines specific methods/procedures employed to express these policies in action: detailed rules and guidelines to control the activities and [[dido:public:ra:xapend:xapend.a_glossary:d:data_retention_policy]] of the organization. In the US, some policies are concerned with human resources (HR) issues (e.g., [[dido:public:ra:xapend:xapend.a_glossary:h:hippa]], or [[dido:public:ra:xapend:xapend.a_glossary:d:data_protection|data protection]](( **NOTE:** From [[https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa]], * //There is no single principal **Data Protection** legislation in the United States. Rather, a jumble of hundreds of laws enacted on both the federal and state levels serve to protect the personal data of U.S. residents. At the federal level, the **Federal Trade Commission Act (15 U.S. Code § 41 et seq.)** broadly empowers the U.S. Federal Trade Commission (FTC) to bring enforcement actions to protect consumers against unfair or deceptive practices and to enforce federal privacy and data protection regulations. The FTC has taken the position that "deceptive practices" include a company's failure to comply with its published privacy promises and its failure to provide adequate security of personal information, in addition to its use of deceptive advertising or marketing methods.
As described more fully below, other federal statutes primarily address specific sectors, such as financial services or health care. In parallel to the federal regime, state-level statutes protect a wide range of privacy rights of individual residents. The protections afforded by state statutes often differ considerably from one state to another, and cover areas as diverse as protecting library records to keeping homeowners free from drone surveillance.// * //Although there is no general federal legislation impacting data protection, there are a number of federal data protection laws that are sector-specific, or focus on particular types of data. By way of example, // \\ o [[dido:public:ra:xapend:xapend.a_glossary:d:dppa]] \\ o [[dido:public:ra:xapend:xapend.a_glossary:c:coppa]] \\ o [[dido:public:ra:xapend:xapend.a_glossary:v:vppa]] \\ o [[dido:public:ra:xapend:xapend.a_glossary:c:cablesubscriber]] )) and security), a direct response to the [[dido:public:ra:xapend:xapend.a_glossary:g:dgpr]], [[dido:public:ra:xapend:xapend.a_glossary:d:dpa]], or the [[dido:public:ra:xapend:xapend.a_glossary:c:ccpa]]. The intent of the P&P is to influence and help formulate all the major decisions and actions of the organization. All activities within the organization are to take place within the boundaries set by the P&P.((Difference Between Policies and Procedures, Key Differences, accessed 21 May 2020, [[https://keydifferences.com/difference-between-policies-and-procedures.html]])) Procedures are specific methods outlining the steps required to fulfill the policies on a day-to-day basis within the organization.
Together, policies and procedures help the [[dido:public:ra:xapend:xapend.a_glossary:g:gov_body]] of an organization meet its mission and goals.((Policies and Procedures, Business Dictionary, [[http://www.businessdictionary.com/definition/policies-and-procedures.html]])) One of the larger policies often required by the [[dido:public:ra:xapend:xapend.a_glossary:g:gov_body]] granting incorporation is the set of human resources policies, especially those concerning health and human safety.

  * **Note** The Policies and Procedures (P&P) serve as part of the Regulatory Aspect within the Governing Model. See [[dido:public:ra:1.4_req:00_aboutreq:03_combreqmdl | Governing Roles]] and the [[dido:public:ra:xapend:xapend.j_gov_model:start| Governing Model]] for more information.

===== Standards =====

  * The charter ID made specifically for the CoI (i.e., [[dido:public:ra:1.2_views:1_stakeholder:4_ecosphere | ecosphere]]).

===== Laws =====

  * Occupational Safety and Health Act of 1970, Public Law 91-596, 84 STAT. 1590, 91st Congress, S.2193, December 29, 1970, as amended through January 1, 2004. [[https://www.osha.gov/laws-regs/oshact/completeoshact]]
  * Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 [[https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679]]

===== Tools =====

  * Rocket Lawyer, Health and Safety Policy Document Maker, accessed 21 May 2020, [[https://www.rocketlawyer.com/gb/en/documents/health-and-safety-policy]]
  * Rocket Lawyer, Data Protection and [[dido:public:ra:xapend:xapend.a_glossary:d:datasecurity|Data Security]] Document Maker, accessed 21 May 2020, [[https://www.rocketlawyer.com/gb/en/documents/data-protection-and-data-security-policy]]

===== References =====

  * Health and Safety, Rocket Lawyer, accessed 21 May 2020. [[https://www.rocketlawyer.com/gb/en/quick-guides/health-and-safety]]
  * Overview of the Data protection and data security policy, Rocket Lawyer, accessed 21 May 2020.
[[https://www.rocketlawyer.com/gb/en/documents/data-protection-and-data-security-policy]]