This commonly occurs when someone within a company writes their own policy terminology, posts it on a Web page or at the bottom of their email signature and doesn't communicate with the organization's legal council on the matter. A company should also have a privacy statement on its site that is validated by their lawyers to ensure that a misstatement is not used because it could be detrimental to the company down the road.
NIST has developed the following standard pertaining privacy policies:
Privacy portal policy examples:
You may be referring to another type of policy that outlines what can be posted on a portal, who is allowed to submit items to it, how the submissions should be supplied and approved, and what types of items management will not allow on the portal, etc.
I am not familiar with any specific standard on this type of policy. It would just be an issue-specific policy with the focus of what can and cannot be done to the company portal, who can do it and what the ramifications for non-compliance are. I have listed some issue-specific policy resources below.
If you are looking for a good example on a portal policy, please review the following site: http://security.sdsc.edu/policy/PortalPolicy.html. This may encompass what you are trying to accomplish with this type of policy.
Issue-specific policy resources:
For More Information:
Dig deeper on Data Privacy and Protection
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.