Fundamentals of Online Policies
“This is against the organizational policy! our policy does not allow that! You are breaking out the policy!”
Have you ever heard such or similar sentences? What does that mean? Why do we need policies? How to apply them? How do they impact us?
Policies are principles, rules, and guidelines formulated or adopted by an organization or entity to address pertinent issues, such as what constitutes acceptable behavior by employees.
Policies are fundamental assets to the organizations, as they do assist the management in precising, identifying, designing, and controlling the behavioral frame and operational guidelines on how personnel should carry on their tasks. Adhering to policies can lead to minimal supervision while ensuring better performance with minimal supervision.
In general, policies come together with a set of procedures, where both are an essential component of any organization in addressing a certain subject.
Procedures are the specific methods employed to express policies in action in day-to-day operations, and clearly define the sequences of steps to be followed in response to a certain act; such as, how to respond to a cyberattack, or what to do in case of harassment or fraud, or any policy violations.
However, policies and procedures require companies' management, endorsement, and enforcement to be effectively implemented otherwise it will be subject to failures. Besides, this should be effectively communicated to employees and relevant actors, such as consultants or customers, this depends on the type of the policy, such as store sold items return policy, should be clearly communicated to staff and customers. Utilizing both policies and procedures during decision-making ensures that employers are consistent in their decisions.
Policies in digital platforms:
Nowadays, online policies and procedures are becoming very important and complex, especially with the increase of online presence and transaction as well the number of connected users and developed platform. Therefore, in a way to protect their citizens, governments have developed certain policies and regulation aligned with their digital law for better digital governance:
- GDPR: The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
- CCPA: The California Consumer Privacy Act, takes the position that consumers “own” their privacy information and provides them five general “rights” for their personal information:
- To know what personal information is collected about them;
- To know whether and to whom their personal information is sold/disclosed, and to opt-out of its sale;
- To access their personal information that has been collected;
- To have a business delete their personal information;
- To not be discriminated against for exercising their rights under the Act.
- Qatar Data Management Policy: aims at establishing the governance and standard processes across the Government Agencies in the State of Qatar for managing and sharing data. It defines clear duties and responsibilities for all who manage public sector information. The policy includes key provisions on Data Governance, Data Administration, Data Protection, and Data Sharing. It should be noted that this policy operates subject to privacy, copyright, legal, and security considerations. Agencies should ensure that they are compliant to the relevant legislations applicable in the State of Qatar.
From a legal perspective, some of the policies especially the ones that are maintained by governmental entities are most likely to be legally binding, and failing to abide by may risk us to be penalized through the court, while companies internal policies might be less strict, failing to abide goes against the companies policy or code of conduct.