This commonly occurs when someone within a company writes their own policy terminology, posts it on a Web page or at the bottom of their email signature and doesn't communicate with the organization's legal council on the matter. A company should also have a privacy statement on its site that is validated by their lawyers to ensure that a misstatement is not used because it could be detrimental to the company down the road.
NIST has developed the following standard pertaining privacy policies:
Privacy portal policy examples:
You may be referring to another type of policy that outlines what can be posted on a portal, who is allowed to submit items to it, how the submissions should be supplied and approved, and what types of items management will not allow on the portal, etc.
I am not familiar with any specific standard on this type of policy. It would just be an issue-specific policy with the focus of what can and cannot be done to the company portal, who can do it and what the ramifications for non-compliance are. I have listed some issue-specific policy resources below.
If you are looking for a good example on a portal policy, please review the following site: http://security.sdsc.edu/policy/PortalPolicy.html. This may encompass what you are trying to accomplish with this type of policy.
Issue-specific policy resources:
For More Information:
Dig Deeper on Data privacy issues and compliance
Related Q&A from Shon Harris
When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should ... Continue Reading
Before you begin putting the pieces of your security program together, you may want to have a look at ISO 27001. In this expert Q&A, Shon Harris ... Continue Reading
Is your organization capable of having true information security governance? In our expert Q&A, Shon Harris reveals the ideal components of a ... Continue Reading