Medical Privacy Policy Requirements Version 4

../Use_Case/Privacy_Commons_Statement_M.4.38# ¹ This is where the heavy lifting comes in.  Through some sort of consensus process or working groups, Privacy Commons should create a list of subject matter which privacy policies must address, even if they do not provide perfect protection. As the relevant subject matter would vary based on industry (ie, financial industry, medical industry, social networking industry, personal websites), separate Privacy Commons consensus bodies would develop required and optional subject matter.

² As the needs of each industry, pressures on privacy, and applicable laws change, the working groups or or consensus bodies will develop new versions of Privacy Policy Requirements for each industry. Self-declaration to a prior version will not invalidate the PC Statement, but consumers should be on notice that the company's privacy policy may not be complete.

³ In addition to identifying Critical, Required, and Optional Subject Matter, the working groups will also want to provide resources on model language for each subject.

⁴ Perhaps there is a law pending in Congress, or a new form of Data Profiling is emerging.  This is a great opportunity to reference emerging privacy issues without requiring that every policy address them.  The Working Group may then decide later to make the subject matter required in the future, or drop it altogether.

⁵ Link
⁵ Note

⁶ Link
⁶ Note

⁷ Link
⁷ Note

⁸ Link
⁸ Note

⁹ Link
⁹ Note

¹⁰ Link
¹⁰ Note

¹¹ Link
¹¹ Note

¹² Link
¹² Note

¹³ Link
¹³ Note

¹⁴ Link
¹⁴ Note