Sidebar
Table of Contents
3.2.3 Policies and Procedures (P&P)
One of the legal documents required for the formal incorporation of an ecosphere community of interest (CoI) is the Policies and Procedures (P&P). The P&P establishes a set of principles and policies that serve these principles, in order to achieve the CoI's long-term goals (i.e, the purpose as stated in its charter). The P&P defines specific methods/procedures employed to express these policies in action: detailed rules and guidelines to control the activities and Data Retention Policy of the organization. In the US, some policies are concerned with human resources (HR) issues (e.g., Health Insurance Portability and Accountability Act (HIPAA), or data protection1) and security), a direct response to the General Data Protection Regulation (GDPR), Data Protection Act 2018, or the California Consumer Privacy Act (CCPA).
The intent of the P&P is to influence and help formulate all the major decisions and actions of the organization. All activities within the organization are to take place within the boundaries set by the P&P. 2) Procedures are specific methods outlining the steps required to fulfill the policies on a day-to-day basis within the organization. Together, policies and procedures help the Governing Body of an organization meet its mission and goals.3)
One of the larger policies that is often required by the Governing Body granting incorporation are the human resources policies, especially those concerning health and human safety.
- Note The Policies and Procedures (P&P) serve as part of the Regulatory Aspect within the Governing Model. See Governing Roles and the Governing Model for more information.
Standards
- The charter ID made specifically for the CoI (i.e., ecosphere).
Laws
- Occupational Safety and Health Act of 1970, Public Law 91-596, 84 STAT. 1590, 91st Congress, S.2193, December 29, 1970, as amended through January 1, 2004. https://www.osha.gov/laws-regs/oshact/completeoshact
- Regulation (EU) 2016/679 OF THE European Parliament and of the Council of 27 April 2016 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
Tools
- Rocket Lawyer, Health and Safety Policy Document Maker, Accessed 21 may 2020, https://www.rocketlawyer.com/gb/en/documents/health-and-safety-policy
- Rocket Lawyer, Data Protection and Data Security Document Maker, Accessed 21 May 2020, https://www.rocketlawyer.com/gb/en/documents/data-protection-and-data-security-policy
References
- Health and Safety, Rocket Lawyer, accessed 21 May 2020. https://www.rocketlawyer.com/gb/en/quick-guides/health-and-safety
- Overview of the Data protection and data security policy, Rocket Lawyer, accessed 21 May 2020. https://www.rocketlawyer.com/gb/en/documents/data-protection-and-data-security-policy
[char]Review
- There is no single principal Data Protection legislation in the United States. Rather, a jumble of hundreds of laws enacted on both the federal and state levels serve to protect the personal data of U.S. residents. At the federal level, the Federal Trade Commission Act (15 U.S. Code § 41 et seq.) broadly empowers the U.S. Federal Trade Commission (FTC) to bring enforcement actions to protect consumers against unfair or deceptive practices and to enforce federal privacy and data protection regulations. The FTC has taken the position that “deceptive practices” include a company's failure to comply with its published privacy promises and its failure to provide adequate security of personal information, in addition to its use of deceptive advertising or marketing methods. As described more fully below, other federal statutes primarily address specific sectors, such as financial services or health care.In parallel to the federal regime, state-level statutes protect a wide range of privacy rights of individual residents. The protections afforded by state statutes often differ considerably from one state to another, and cover areas as diverse as protecting library records to keeping homeowners free from drone surveillance.
- Although there is no general federal legislation impacting data protection, there are a number of federal data protection laws that are sector-specific, or focus on particular types of data. By way of example,
o Driver's Privacy Protection Act of 1994 (DPPA)
o Children's Online Privacy Protection Act (COPPA)
o Video Privacy Protection Act (VPPA)
o Cable Subscriber Protection
