Welcome to DIDO WIKI


3.2.3 Policies and Procedures (P&P)

One of the legal documents required for the formal incorporation of an ecosphere community of interest (CoI) is the Policies and Procedures (P&P). The P&P establishes a set of principles, and policies that serve these principles, in order to achieve the CoI's long-term goals (i.e., the purpose as stated in its charter). The P&P defines the specific methods/procedures employed to express these policies in action: detailed rules and guidelines to control the activities and Data Retention Policy of the organization. In the US, some policies are concerned with human resources (HR) issues (e.g., Health Insurance Portability and Accountability Act (HIPAA), or data protection1) and security), a direct response to the General Data Protection Regulation (GDPR), Data Protection Act 2018, or the California Consumer Privacy Act (CCPA).

The intent of the P&P is to influence and help formulate all the major decisions and actions of the organization. All activities within the organization are to take place within the boundaries set by the P&P.2) Procedures are specific methods outlining the steps required to fulfill the policies on a day-to-day basis within the organization. Together, policies and procedures help the Governing Body of an organization meet its mission and goals.3)

Among the larger policies often required by the Governing Body granting incorporation are the human resources policies, especially those concerning health and human safety.

  • Note: The Policies and Procedures (P&P) serve as part of the Regulatory Aspect within the Governing Model. See Governing Roles and the Governing Model for more information.


  • The charter ID made specifically for the CoI (i.e., ecosphere).





NOTE: From,
  • There is no single principal Data Protection legislation in the United States. Rather, a jumble of hundreds of laws enacted on both the federal and state levels serve to protect the personal data of U.S. residents. At the federal level, the Federal Trade Commission Act (15 U.S. Code § 41 et seq.) broadly empowers the U.S. Federal Trade Commission (FTC) to bring enforcement actions to protect consumers against unfair or deceptive practices and to enforce federal privacy and data protection regulations. The FTC has taken the position that “deceptive practices” include a company's failure to comply with its published privacy promises and its failure to provide adequate security of personal information, in addition to its use of deceptive advertising or marketing methods. As described more fully below, other federal statutes primarily address specific sectors, such as financial services or health care. In parallel to the federal regime, state-level statutes protect a wide range of privacy rights of individual residents. The protections afforded by state statutes often differ considerably from one state to another, and cover areas as diverse as protecting library records to keeping homeowners free from drone surveillance.
  • Although there is no general federal legislation impacting data protection, there are a number of federal data protection laws that are sector-specific, or focus on particular types of data. By way of example,
    o Driver's Privacy Protection Act of 1994 (DPPA)
    o Children's Online Privacy Protection Act (COPPA)
    o Video Privacy Protection Act (VPPA)
    o Cable Subscriber Protection
Difference Between Policies and Procedures, Key Differences, accessed 21 May 2020,
dido/public/ra/1.3_gov/1_legaldocs/3_pp.txt · Last modified: 2022/03/26 10:01 by nick