Guidelines, frameworks, proposed laws, etc.
This section includes documents that are issued with the intention of providing guidance to an organization's members on how to conduct their own privacy and data practices, or documents meant to serve as aspirational statements of law or policy for lawmakers. It excludes documents describing a company's own privacy and data security practices. The "Drafting Advice" box on this page lists resources to help in drafting a policy.
International & Regional Organizations
- APEC Cross-Border Privacy Rules (CBPR) SystemA project of the Asia-Pacific Economic Cooperation (APEC)
- APEC Privacy FrameworkA project of the Asia-Pacific Economic Cooperation (APEC)
- Framework on Personal Data ProtectionA project of ASEAN (Association of Southeast Asian Nations)
- OECD Privacy Guidelines (2013 revision)A project of the OECD (Organisation for Economic Co-operation & Development)
- Personal Data Protection Guidelines for AfricaA joint project of the Internet Society and the Commission of the African Union
- Policy on the Protection of Personal Data of Persons of Concern to the UNHCRA project of the United Nations High Commissioner for Refugees (UNHCR)
- Revised Guidelines on the Protection of Privacy and Transborder Flows of Personal DataA project of the Organization for Economic Cooperation and Development (OECD). The revised guidelines were issued in 2013 as an update to the very influential guidelines issued in 1980
Private Industry & Associations
- Australian Privacy CharterA project of the Australian Privacy Foundation
- BSA Privacy FrameworkA project of BSA/The Software Alliance
- CDT Federal Baseline Privacy Legislation Discussion DraftA project of the Center for Democracy & Technology (CDT)
- Data Privacy Guidelines for Small Utilities and Sample DocumentsA project of the Washington Public Utilities Districts Association
- DMA Interest-Based Advertising (IBA) Compliance Alert & Guidelines for Interest-Based AdvertisingA joint project of the DMA (Data & Marketing Association) and the ANA (Association of National Advertisers)
- ESC Privacy and Data Security PolicyA project of the European Society of Cardiology
- Fair Processing Principles to Facilitate Privacy, Prosperity and ProgressA project of the IAF (Information Accountability Foundation)
- Framework for Consumer Privacy LegislationA project of BR|Business Roundtable
- Framework to Advance Interoperable Rules (FAIR) on PrivacyA project of the Information Technology Industry Council (ITI)
- Generally Accepted Privacy Principles (GAPP)A joint project of the American Institute of Certified Public Accountants (AICPA) and the Chartered Accountants of Canada (CA)
- Guidelines for Ethical Business PracticeA project of the ANA (Association of National Advertisers). Several sections address privacy and data security
- IA Privacy Principles For A Modern National Regulatory FrameworkA project of the Internet Association (IA)
- Intel's Proposed Federal Privacy BillA project of the Intel company.
- The Keys to Data Protection: A Guide for Policy Engagement on Data ProtectionA project of Privacy International
- mHealth Data Security, Privacy, and Confidentiality: Guidelines for Program Implementers and PolicymakersA project of MEASURE Evaluation (an organization focusing on the uses of mobile technology)
- Model Privacy LegislationA project of the U.S. Chamber of Commerce
- NAI Code of ConductA project of the Network Advertising Initiative (NAI)
- Nonprofit Guidelines for Cybersecurity & PrivacyA project of Microsoft Philanthropies
- Payment Card Industry (PCI) Data Security StandardA project of the PCI Security Standards Council
- Privacy by Design: the Seven Foundational PrinciplesDeveloped by Ann Cavoukian as a set of guidelines to prioritize privacy in data systems.
- Responsible Data Guidelines: Managing Privacy and Personally Identifiable InformationA project of AIMS (agricultural information management standards)
- Self-Regulatory Principles for Online Behavioral AdvertisingA project of the DAA (Digital Advertising Alliance)
- The Time is Now: a Framework for Comprehensive Privacy Protection and Digital Rights in the United StatesA joint project of a group of 15 consumer and privacy organizations.
Academic Proposals
- A Model Regime of Privacy ProtectionOriginally published as a law review article, Professors Daniel J. Solove and Chris Jay Hoofnagle drafted this model regime as guidance for legislative drafting.
Drafting Advice
If a business or organization desires to draft a privacy or data security policy, the commercial legal databases offer tools to aid in this process.
- Practical Law from WestlawFollow the menu links: Intellectual Property & Technology > Privacy & Data Security. Filtering for "standard documents" or "standard clauses" will retrieve many documents relevant to creating privacy and data security policies.
- Lexis Practice AdvisorFollow the menu link to Data Security & Privacy. Under "Tasks," there is a link to Privacy Policies, which gives detailed drafting advise.
- Bloomberglaw's "portfolio series"The "portfolio series" has a number of guides that analyze privacy and data security issues across a number of technologies and offer practical advice for drafting policies.
