Digital Policies List

Once you recognize why you need policies or that you have some gaps in your existing policy framework, you’ll need to consider which areas and what types of policies you need to develop.

Digital Policies List Description

Accessibility policy

An accessibility policy is needed to ensure compliance with laws that dictate that digital channels such as websites or mobile applications are accessible to a broad audience—including those who are disabled. Some organizations that operate in countries where accessibility is not legally mandated might consider doing so anyway as a competitive advantage or to support their guiding principles (e.g., to better the lives of people).

Key Points:
  • Accessibility statement posted to digital channels
  • Accessibility tags added to content in digital channel(s)

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 73

Advertising (paid, social network, grassroots) policy

Various regulations dictate what you can and cannot do when adver-tising products and services. This policy is intended to address those legal obligations and ensure you comply with regulations applicable to your industry, geographical operating country or region, and type of advertising.

Key Points:
  • Legal or regulatory obligations with regards to advertising are clarified by the digital policy steward.
  • A digital policy outlines if and how the organization will use digital advertising (of any kind) to further its business objectives and who is authorized to make associated advertising decisions.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 169

Algorithm formatting and management (AI) policy

As AI becomes commonplace in the daily lives of prospects and cus-tomers, your organization should consider not only whether and how to use the new digital capabilities, but also how it will develop select AI capabilities so as not to inadvertently introduce biases or bring about unintentional consequences (including legal and regulatory).

Key Points:
  • A clear decision to adopt AI for digital communications or marketing efforts is made.
  • An AI strategy is developed for the organization.
  • Acceptable actions and uses of AI—including underlying technology, algorithms and training data—have been documented in the policy.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 175

Analytics and metrics collection policy

Peter Drucker once said, “You can’t manage what you can’t mea-sure.” That is just as true about digital. You need a documented policy on whether and how you will use analytics for your digital program and a clear identification of the associated metrics. Only then can your digital program succeed.

Key Points:
  • Decide whether analytics will be used by the organization and what the analytics strategy is.
  • Document the chosen analytics platform and what metrics will be collected and reported upon—and by whom.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 178

Appropriate and prohibited content policy

This policy ensures that the organization’s content is in line with its values—organizational, brand and perhaps customer—as well as with any applicable laws and regulations. It requires research into the laws, regulations and customs of the areas in which the organization operates, as well as a good bit of imagination on the part of the digital policy steward.

Key Points:
  • The organization clearly understands what types of content exposes the business to liability or could degrade the brand.
  • Content creators are educated to appropriate and prohibited types of content.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 178

Blockchain policy

This policy addresses whether and how your organization will adopt the use of blockchain and other distributed ledger technologies and if so, what are the governing parameters and regulatory frameworks you will follow.

Key Points:
  • A completed risk assessment of how blockchain will be used for marketing and product or service delivery purposes
  • A documented approach of what is and isn’t allowed within the scope of blockchain usage for meeting business objectives

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 183

Branding policy

This policy addresses the importance your organization places on the various factors associated with your branding.

Key Points:
  • Conduct an audit of all existing digital content.
  • Use the results of that audit to prioritize high-risk issues that need immediate attention.
  • Write a policy to address the rules that all content must follow, regardless of location or department.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 187

Children’s online privacy-protection policy

This policy addresses the way in which your organization collects, stores and processes personal data about children, but from the perspective of legal/regulatory requirements and your organization’s values. This is an especially important policy for multinational  organizations, because laws and regulations about children’s online privacy differ from country to country.

Key Points:
  • An audit has been completed to determine what, if any, digital channels and content target children (“children” to be defined by the laws in the relevant countries, as advised by the organization’s legal team).
  • A statement regarding collection of children’s data in digital channels has been posted to the organization’s digital properties.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 190

Classification protection statutes policy

This policy is about the classification of information and digital systems within your organization to ensure the information is shared with the correct audiences and conversely, not shared when it ought to be kept within the confines of the organization or specific groups.

Key Points:
  • Existing policy around information classification for corporate information has been reviewed for extensibility to digital channels.
  • A digital policy establishes when content and information must be classified according to the corporate information classification schedule.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 192

Cloud assurance policy

Data security doesn’t stop at your doors; it also applies to your vendors, service providers. So organizations at the Intermediate level need to scrutinize the practices of their third-party contractors as thoroughly as they scrutinize their own.

Key Points:
  • Cloud vendors meet the same legal and regulatory compliance requirements that the business applies to traditional, on premises hosting.
  • A clear cloud assurance policy has been developed and incorporated as part of all cloud vendor contracts.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 117

Competition and fair trading policy

This policy addresses fair trade practices in the digital realm, encompassing things like fake user comments and fake sales. Understanding the laws that are applicable to your organization will enable you to better safeguard your legitimate rights and interests when faced with unfair competition online.

Key Points:
  • A list of applicable fair trade laws and regulations applicable to the organization exists.
  • An audit of digital operations practices subject to fair trade laws and regulations has been documented for digital policy considerations.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 195

Content ownership and management policy

This policy identifies who has lifecycle responsibility for content development, publication, updating and deletion throughout all the  organization’s digital properties.

Key Points:
  • Clear identification of who owns what digital content.
  • An audit of content has identified what is ROT (redundant,  outdated, trivial) content.
  • A digital policy regarding content ownership with mandates for content updates and deletions is documented.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 197

Cookies and tracking policy

Cookies and tracking —e.g., hidden pixels in email—are used to collect personal data and track users’ online behavior. Not all countries require cookie and tracking disclosures, but many do have regulations requiring you to disclose cookies that are specific to an individual, and to disclose how, why and what you collect and which notifications and consents must be obtained from the user prior to collecting that data.

Key Points:
  • Understanding what, if any data you collect or want to collect in various digital channels.
  • Assessing what geographic areas your prospects and customers are based in
  • A policy documented, that states how you will disclose data collection to online users, as well as how you will collect, store, manage, and dispose of the collected data.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 76

Copyrights and protections policy

Policies in this category protect your organization’s intellectual  property and reassure consumers that you respect the intellectual property rights of others.

Key Points:
  • All webpages, marketing email content, mobile applications and other digital content tagged with a copyright notice that rep-resents the year the content was first published.
  • A policy documented, regarding how the organization ensures it protects the copyright of its content and how it enforces others’ copyrights when content is published by the digital workers in its own organization.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 79

Customer online dispute resolution platform policy

If you’re an online retailer or provider of B2C services, you ought to consider proactively protecting your organization’s name and online reputation by pursuing registration with an online dispute resolution (ODR) mechanism, such as the Better Business Bureau in the U.S. or the European Commission’s Online Dispute Resolution platform.

Key Points:
  • An ODR solution has been identified for the countries of digital operations.
  • The organization has registered with local country and/or regional ODRs and made a public statement on how it will address customer grievances.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 202

Data breach response policy

A data breach occurs when sensitive, protected or confidential information is stolen, accessed, or used without authorization. Every U.S. state, the European Economic Area (EEA), and several other countries all legally mandate timely data breach disclosure.

Key Points:
  • Vulnerabilities in data security audited and addressed.
  • A data breach policy documented, indicating what the organization will do to minimize the risk of a data breach and how it will respond if a breach does occur—including which governing law it will apply to its response plan.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 82

Data cataloging policy

This policy addresses your approach to data management: how you structure it, label it and organize it. Your data is an extremely valu-able asset, but you can only realize that value if you can access and use the data when you need it—and do so easily.

Key Points:
  • A call for organization-wide data labels has been completed.
  • The business case and resources for a data mapping and dictio-nary development effort are secured.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 204

Data localization policy

This policy addresses where your data is physically stored, and how you transfer it from one location to another. It includes what your organization will do to comply with the various laws that prohibit or restrict the transfer of citizens’ data across borders.

Key Points:
  • The business has clarified in which jurisdictions it operates a digital presence.
  • A digital policy addresses how the organization will address data localization in the jurisdictions where it is necessary.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 207

Data privacy policy

Privacy policies are mandatory because you’re collecting data that can be used to identify an individual. Laws, including fed-eral and state laws in the US and various other countries, have provisions on data privacy.

Key Points:
  • A privacy statement, documented and publicly posted for each digital property the organization operates where data is collected (including analytics)
  • A privacy policy detailing how the organization will manage and protect users’ personal data, documented and disseminated to those who create and manage digital properties on behalf of the organization

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 84

Data security policy

This policy addresses how your organization will deal with information security. Specifically, it should describe the level of security the organization will strive for and the steps it will take to achieve those goals.

Key Points:
  • Understand the organization’s data and your current security protocols.
  • Perform a security audit and address gaps in security practices.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 209

Data-portability rights policy

Various countries and regions have introduced regulations that give individuals the right to download and reuse their personal data for their own purposes across different services. Users are allowed to move, copy or transfer personal data easily from one organization to another.
Your organization ought to understand whether it is subject to any of these regulations—and if so, stipulate a policy about how you will comply.

Key Points:
  • The organization has mapped its prospect- and customer-set to countries and regions where data portability rights are  mandated.
  • A policy describes how the organization will ensure individuals can take advantage of their rights to obtain their data and transfer it to another organization.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 121

Digital fundraising and donations policy

This policy addresses how your organization will use its digital presence to take advantage of the growing popularity of online donations—via, for example, crowdfunding or patronage platforms. This will primarily affect nonprofits, although early stage for-profit organizations increasingly engage in fundraising efforts (if so, please consult your legal team first).

Key Points:
  • Legal validation for compliance with online fundraising laws has been accomplished.
  • An online fundraising statement has been posted in the digital channels where campaigns are taking place.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 213

Digital records management policy

This policy addresses how your organization will manage its records. Accurate records are important for documenting, supporting, under-standing, and implementing organizational decisions.
Those records often also serve as legal documents—in which case they can be either an asset or a liability. In either case, it’s critical for everyone to be on the same page regarding the “official” version of all documents.

Key Points:
  • Traditional records management policy and requirements have been extended to your digital channels.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 216

Digital risk financial statement policy

This policy addresses how an organization should identify, quantify, and present its digital activities in required financial documents (such as Forms 10-K or 10-Q). It’s another area where both the digital policy steward and subject matter experts need to stretch their imaginations to their limits in answering the question, “What could go wrong?”

Key Points:
  • Your organization’s chief financial officer or equivalent has confirmed the level of digital risk disclosure that will be provided by the organization to shareholders and investors.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 218

Domain names, certificates, email addresses, social media handles, app names policy

This policy has two primary functions: Making sure your organization establishes ownership of all appropriate digital properties, and that all digital properties currently in use reflect well on your organization’s brand image.

Key Points:
  • An audit of all organizational digital properties and registered domains, certificates, social media handles and mobile apps has been undertaken and the results documented.
  • A digital policy is documented and socialized with digital workers to drive clear ownership of properties and digital artifacts that belong to the organization, including robust mechanisms to ensure domains and certificates do not  expire.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 123

Email marketing and spam policy

This policy specifies how digital workers can effectively use email for marketing purposes, while remaining compliant with applicable laws/regulations, and avoiding reputational damage.

Key Points:
  • A statement regarding how users can opt out of being contact-ed by your organization—even if they originally requested to be contacted—should be included in the terms of use on your web-site.
  • A plain language statement should be included in the footer of any email or text message you send to users.
  • It is advisable to use “confirmed opt-in” any time a user wants to engage in any sustained contact—for example, newsletters, notification of monthly song releases or updates on what the organization is doing. This opt-in mechanism allows you to validate that the person requesting the subscription is actually the owner or has access to the email being registered. Typically, you ask the user to click on a link that you email to the address they entered to confirm they’ve given their own email address and not mistyped it. Unless you receive that confirmation, you should send no more email to that address.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 87

Emergency response and business continuity policy

This policy is intended to protect your organization’s digital infra-structure in the event of a disaster. It should specify procedures you’ll follow to protect and recover from a natural disaster, malicious attack or other type of outage.

Key Points:
  • A determination has been made of how long a digital  infrastructure outage can be tolerated by the organization—an hour? A day?
  • A documented policy has been developed to address what preventative and reactive steps the organization will take if a disaster should take place—and how it will recover.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 89

End-user-generated content

For many marketers, user-generated content (or UGC) is a dream come true—and it’s not hard to understand why. One reason is obvious: Free content frees up time and dollars for other campaigns. An-other reason is its effectiveness: Done right, UGC does a better job of increasing brand engagement than traditional promotional activities.[5]
In addition, users are twice as likely to share UGC than content generated by a brand. Not to mention that UGC can significantly boost SEO.
While this sounds like a win-win situation, it can also be your worst nightmare—if you don’t do it right.

Key Points:
  • Risks and opportunities of using UGC in your marketing efforts have been defined.
  • A documented approach is in place for when and how UGC will be leveraged by the organization.
  • A public-facing statement about UGC has been embedded in all digital channels, or if some channels are not addressed, we’ve recorded specific reasons for not doing so.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 225

Food marketing policy

The marketing of food products is regulated in some countries, especially when it involves marketing food products to children. In addition, your organization’s decisions about food marketing can impact your brand and your reputation.

Key Points:
  • Legal counsel has confirmed what food marketing laws the organization should follow, if any, based on the prospect geographical location.
  • A digital policy outlines the do’s and don’ts of online food marketing, for digital workers to factor into their digital operations efforts.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 229

Freedom of Information Act, subject access request and e-discovery policy

An organization at the Expert level should already have a policy that addresses print documentation release and legacy electronic files. In most cases, such a policy can be expanded to cover digital content with little to no adjustments. But there are a few situations unique to digital; you should consider them and incorporate or update your e-discover, or Freedom of Information Ace (FOIA), policy accordingly.

Key Points:
  • In consultation with your legal counsel, you should identify what, if any, e-discovery or FOIA requirements you may be subject to, and how you will respond to any such requests where digital channels are in question.
  • Working with your organization’s risk or policy group, you should extend relevant policies to include digital channels and associated content.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 232

Health information and HIPAA policy

Many nations have laws or regulations regarding the treatment of patients’ health information. In the U.S., health information is governed HIPAA. Other countries have similar laws.
Any organization dealing with an individual’s personal health  information—whether you’re a healthcare provider, an insurer or a provider of professional services such as billing—needs to take its policies in this area very seriously.

Key Points:
  • Extend the organization’s existing HIPAA policy to reflect requirements for digital operations practices.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 236

Hosting and content-storage policy

This policy addresses the behind-the-scenes aspect of an organization’s digital presence. It covers things like where and how your digital properties will be hosted and whether content will be stored onsite or in the cloud.

Key Points:
  • Hosting solutions are established.
  • Hosting solutions and performance requirements are documented in a policy.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 126, 238

Hosting policy

We’ve already covered policy considerations related to where your data is stored. This policy addresses where live content is  hosted—e.g., where your website is.
If you feel inclined to merge the two policies, feel free to do so. I’ve been challenged by book collaborators on this issue more than several times—and held my ground as you can see! But hosting of a website is potentially quite different from storage and hosting of content. This policy prevents the possibility of hosting a service with a sub-par vendor, or of an employee standing up a server under their desk in the name of delivering a crucial micro campaign. Think it can’t happen? Just last year I accidentally tripped on a cord under my cli-ent’s desk. The site was down for 37 minutes!

Key Points:
  • An audit of all organizational websites (including microsites and extranets), to ensure they are hosted in an environment and by a  provider that aligns with this digital policy.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 238

Information and technology export controls policy

Many governments, including the U.S. government, have laws or regulations governing the export of certain technologies, including lists of countries and individuals to whom those technologies cannot be sold or transmitted.

Key Points:
  • Laws and regulations for technology exports of every country where you operate have been identified.
  • A digital policy stipulates how the organization will address technology export controls requirements to legally comply with countries where it operates.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 241

Integrity statement policy

This policy addresses the level of service excellence your organization is committed to providing, as well as your commitment to ethical business practices. Any organization at the Expert level should al-ready have such an integrity statement. This policy addresses how that statement should be published across the organization’s digital channels.

Key Points:
  • Determine how the organization’s integrity statement can be used for marketing communication or sales in digital channels.
  • Extend the organization’s existing policy on the integrity statement, applying it to digital channels.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 248

Language and content localization policy

This policy specifies which languages and cultural conventions the organization will use in its digital channels and how, when or wheth-er the organization will dedicate resources to translate and localize content.

Key Points:
  • Determine which countries and regions in which you have prospects or customers require content to be localized for language or culture.
  • Document your digital policy to reflect when and how you will localize content so as to meet your market-specific objectives.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 250

Mandatory content by channel policy

This policy should be developed and placed to ensure that all your digital channels have the content required to satisfy both regulatory requirements and best practices.

Key Points:
  • Working with your legal team, identify what content is mandatory for each of the organization’s digital properties—e.g., website, social media channels, mobile applications, email cam-paigns (based on country targeted, purpose of property and legal or regulatory mandate).
  • Develop a checklist of mandated content by property.
  • Perform an audit to determine which properties lack compliance in this area.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 253

Online piracy policy

Illegal use of digital media that belong to another organization can result in lawsuits, government audits and associated fines—as well as damaged reputation.

Key Points:
  • Organizational digital practices are free of online piracy practices.
  • Digital policy documents how the organization will comply with laws and prevent online piracy by the organization and its employees.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 92

Performance measurement and reporting policy

Digital marketing communications and online products and services present great opportunities. But they also come with a price tag to the organization from a time and fiscal investment to foregone opportunities. Performance measurement and reporting is about understanding how well digital is doing, given the resources allocated by the organization.

Key Points:
  • Identification of key points of measurement that matter to the business
  • Addition of performance metrics and reporting to senior leadership regular agenda (e.g., quarterly leadership meeting)

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 255

Plain language policy

This policy addresses the usability of your digital content. The purpose is to keep the user’s needs top of mind when writing content for your digital channels. For many organizations, that means  “unlearning” rules regarding use of academic language or legalese.

Key Points:
  • Identify candidate pages that could benefit from plain language writing.
  • Adopt a plain language writing approach for your digital workers. U.S. government advice that you might want to consider  includes:

› Write for your reader, not yourself.

› Use pronouns when you can.

› State your major point(s) first, before going into details.

› Stick to your topic.

› Limit each paragraph to one idea and keep it short.

› Write in active voice. Use the passive voice only in rare cases. › Use short sentences as much as possible.

› Use everyday words. If you must use technical terms, explain them on the first reference.

› Omit unneeded words.

› Keep the subject and verb close together.

› Use headings, lists, and tables to make reading easier.

› Proofread your work—and have a colleague proof it as well.

See: https://plainlanguage.gov/media/FederalPLGuidelines.pdf

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 257

Product advertisement and placement policy

This policy focuses on where, when and how you advertise your brand or products. This is an extremely important topic from legal, regulatory and branding perspectives.

Key Points:
  • Industry-specific advertising regulations and laws are identified and communicated to marketing and advertising professionals.
  • Awareness of historical issues in the advertising channel, e.g., controversial YouTube content preceding or following your organization’s advertisement, has been socialized.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 128

Search engine optimization (SEO) policy

Everyone has their own sense of what SEO is, and even more so when it comes to the definition of good SEO. There is so much bad advice floating around—much of it was good advice once, but is now obsolete or even counter productive.

Key Points:
  • SEO strategy or an industry benchmark has been established for the organization.
  • SEO policy is documented detailing what digital workers must never do to realize the SEO strategy.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 131

Shareholder notifications and disclosures policy

This policy specifies whether and how such notifications should be made digitally (a requirement in some countries).
Any Expert-level organization (and any publicly traded organization, Expert or not) should already have a policy in place regarding forward-looking statements and investor clauses. Some jurisdictions require that forward-looking statements and investor clauses be published via an organization’s website (e.g., U.S., Belgium). So this policy should address where web-equivalent of a print version of the statements will be housed.

Key Points:
  • Meet with the CFO and General Counsel (or attorney advising the company) to identify what information to post and where to post it.
  • Countries have different laws, so what you decide to do next will be unique to your company. For example, if your organization deals in mutual funds, exchange-traded funds,  closed-end funds, or specific registered unit investment trusts you can satisfy your obligation to deliver shareholder reports by posting content on-line. As of January 1, 2019, in the U.S. you are allowed to make disclosures publicly accessible on a website, but you must still mail investors a short form paper notice of the availability of such shareholder report. You will likely need to coordinate with workers outside of digital operations.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 260

Social Media (personal use) policy

This digital policy is intended to guide employees into correctly balancing their rights to free speech and personal use of social media, while also protecting the brand and reputation of your company.

Key Points:
  • Social media personal use policy has been defined and incorporated into the organization’s human resources processes.
  • Social media personal use policy is socialized with employees and vendor partners.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 263

Social media policy (official use)

This policy addresses the organization’s approach to official social media channels as well as the management of and response to any social media crises.

Key Points:
  • Identify official spokespeople for the organization and whether special training for social media management should be required.
  • Document the individuals who are allowed to speak in social  media channels on behalf of the organization.
  • Document a policy for official organizational social media use.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 267

Supply Chain Act and Modern Slavery Act policy

This policy is intended to ensure organizations that sell products carry over their supply chain compliance statement into the digital channels and thus comply with supply chain and antislavery laws.

Key Points:
  • Organization has determined need for compliance with supply chain and antislavery laws.
  • Public statement is reflected on digital properties that require public disclosure.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 271

Systems development policy

This digital policy specifies who will or won’t do what when it comes to digital systems development. The policy addresses the chosen development methodology (e.g., waterfall, agile) that allows digital operations to be managed in a predictable and efficient manner— especially where dispersed or global teams are concerned.

Key Points:
  • An inventory of existing systems development is developed for the enterprise.
  • The organization has determined (and normalized) how it will develop marketing and communications platforms—and whether that will be a different approach than traditional IT projects use.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 273

Technology identification and selection policy

This policy defines the start-to-finish process for purchasing and sub-scribing to digital technology (e.g., a CMS, social media listening tools, tools for analytics, database management tools, code repositories).  It also identifies the various roles involved in the process.

Key Points:
  • Intent to clarify who is responsible for digital technology deci-sion making is communicated.
  • Who is accountable and responsible for decision making around various digital technologies is documented.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 136

Virtual and crypto currency policy

Virtual and crypto currencies and the emerging markets they are creating are a great opportunity for many organizations, but they also are associated with potential risks. With no central government and little to no regulations in place, you ought to consider a myriad of speed bumps in this new currency superhighway. Investor protection, asset security, high value heists, human error and forgetfulness around the intangible nature of asset class make this a vault of risks which you should think about before jumping in.

Key Points:
  • A determination on whether and how the organization will begin using virtual currency for business purposes
  • A clear determination from a finance and tax perspective of implications

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 276

e-Detailing and healthcare marketing policy

e-Detailing and healthcare marketing are regulated in the life sciences industry. Regulations apply to organizations using digital marketing to promote products and services to healthcare practitioners or to other individuals—including patients and prospective patients.
You should develop a digital policy in response to those regulatory requirements and how the organization will operate within the con-fines of the requirements. The policy should be based on the organization’s geographical target area (e.g., residence of those whom the marketing campaigns target).

Key Points:
  • Determine which, if any, of your digital marketing and online efforts constitute e-Detailing.
  • Consult with your in-country legal team for those jurisdictions where marketing is taking place and determine whether  “e-Detailing” requirements apply.

Policy background, how is done: Immediate steps, Documenting and Implementing the policy in "The Power of Digital Policy" book, page: 221