Digital Policy Areas and Types

Once you recognize why you need policies or that you have some gaps in your existing policy framework, you’ll need to consider which areas and what types of policies you need to develop.

Policies By Type

Legal and Regulatory Policies

Policies addressing legal or regulatory issues help you meet or exceed industry, regional, and/or national requirements. Legal requirements, like rules on accessibility or personal info, generally apply across industries. Regulatory requirements are industry specific, such as regulations on advertising prescription drugs. Both differ by industry and country.
Whether or not you choose to address a specific legal or regulatory risk with an organizational policy, your organization should at least discuss it and potential consequences.

Examples Include

  • Accessibility (WCAG/W3C)
  • Advertising (paid, social network, grassroots)
  • Appropriate Content/Prohibited Content
  • Children's Online Privacy Protection
  • Classification Protection Statutes
  • Cloud Assurance
  • Consumer Online Dispute Resolution Platform
  • Cookies and Tracking Devices
  • Copyrights and Protections (inclusive of links, intellectual property protections)
  • Data Breach Notification Policy
  • Data Privacy
  • Data Shield/ Data Localization
  • Data/Information Security
  • Digital Fundraising and Donations
  • Digital Records Management (all channels)
  • Digital Risk Fiscal Statement
  • Domain Names, Email Addresses, Social Media Handles, Mobile Application Names
  • E-Detailing and Healthcare Marketing
  • Email Marketing (CAN/SPAM)
  • Food Marketing
  • Forward-Looking Statements and Investor Clauses
  • Health Information and Patient Information Management
  • Hosting and Content Storage
  • Information and Technology Export Controls
  • Language and Content Localization
  • Online Advertising & Promotion Policy
  • Online Piracy
  • Plain Language
  • Privacy/Personally Identifiable Information (PII) Protection
  • Product Advertisement and Placement
  • Product and Services Integrity Statement
  • Right to Data Portability
  • Shareholder Notifications and Disclosures
  • Social Media (official use)
  • Supply Chain Act
  • Third Party Risk Management
  • Use and Display of Organization's Logo, Registered Names, and Trademarks

Industry Best Practice Policies

They aren’t legally required, but policies codifying best practices just make good business sense.
For example, there’s no law against mistreating your logo. But, if delivering on-brand experiences is a core business objective, you should have a policy to ensure anyone who creates content for any digital channel sticks to established brand guidelines.

Examples Include

  • Accessibility (WCAG/W3C)
  • Appropriate Content/Prohibited Content
  • Branding
  • Cloud Assurance
  • Content Ownership
  • Data Cataloguing
  • Data Privacy
  • Domain Names, Email Addresses, Social Media Handles, Mobile Application Names
  • Emergency Preparedness and Response/Failover/Disaster Recovery
  • Hosting and Content Storage
  • Information Management and Quality/Redundant, Outdated, Trivial Information (ROT)
  • Search Engine Optimization (SEO)
  • Social Media (personal use)
  • Systems Development (web, mobile applications)
  • Technology Identification & Selection

Policies for Your Industry

Banking and Investment Services

In the banking and financial services sector, digital requirements are compounded with traditional regulatory obligations. But with the right policy framework translated into clear guardrails, your digital, marketing, and IT teams can collaborate on an experience that both engages your customers and minimizes your risk.


Educational institutions, especially universities, need digital channels to recruit students and support their learning journeys. As a result, your focus may be on experience, not compliance. Functionality might come before accessibility, design before consistency, and the independence of academic departments before cohesiveness with the larger institution. To minimize these conflicts and maximize ROI on tight budgets, your educational institution should consider a range of policies.

Energy and Utilities

Water, electricity, transportation, or communication. Public or private. B2B or B2C. Not only are digital requirements for energy and utilities different from other sectors, but they vary widely within the industry itself. Amidst this complexity, you need clarity. Consider inventorying your digital policies and looking for gaps.


Today, citizens want federal, regional, state, and local agencies to provide digital experiences on par with Amazon and Apple. Rising citizen expectations, combined with long-standing e-government requirements, mean agencies must now enforce consistent branding, protect privacy and data, and develop user-centric experiences. All while reducing the cost to taxpayers. To deliver on your mission and citizens’ demand for digital government, make sure these policies are in place.

Health and Life Science

With a long list of regulatory issues all differing by country and by region, healthcare and life sciences is one of the most complicated, regulated industries from any perspective. Digital included. Marketers targeting providers and patients undoubtedly understand communications. But they may not understand the intricacies of drug promotion in the US versus UK versus UAE. What is appropriate, expected, and legal in one market, may not be in another. Understanding and mapping out the opportunities will provide you economies of scale that translate to competitive advantage.


Conservative by nature, your insurance company may not have poor publishing practices or careless digital habits to break. But, the same caution that has insulated you from risk online could also hinder your ability to meet customer expectations in an increasingly omni-channel service delivery model. As mobile claims replace paper ones, leveraging digital technologies and protecting your organization from the inherent risks requires policies.


Whether you make self-driving cars or lug nuts, digital marketing, communications, and sales make your business far more complex. For example, how well does your firm understand the California Transparency in Supply Chains Act? If you do any business in the state and generate global revenues of $100+ million, you not only have to comply, you have to post compliance reports online. Even if you’re a B2B, you should at least consider what may and may not be required and make an informed, business-level decision that balances the digital risks and rewards. 


Digital has transformed so many sectors, but the media industry has arguably felt most disruption. From continually evolving monetization strategies, to leveraging new media, to ever-smarter analytics, you have to balance digital advantages and risks in almost every aspect of your business. Yet, digital policies can drive competitive advantage for many media organizations as they modernize infrastructure and consider new sourcing strategies. 


Large online retailers such as Amazon and eBay are setting the bar for best practice, regulatory, and legal compliance. Yet, overall the sector is struggling with digital opportunities and risks. How can you leverage big data to fuel cross-channel experiences without compromising customer privacy? How do you navigate global regulatory environments to sell in new markets? Digital policies have never been more relevant in the retail industry. Success will require a sound digital policy program including …


While non-profits and NGOs both perform significant online fundraising, they actually need very different digital policies for regulatory compliance. Generally, NGOs aren’t under the jurisdiction any specific country, as they work under international law. However, local operations are often better positioned to promote their cause or avoid political missteps if they comply with country-specific laws. Does your not-for-profit organization – whether a non-profit or NGO – have the right digital policies in place?

Policies for Your Team

Legal, Regulatory, Compliance

If IT is focused on keeping digital systems up and running, digital marketing is busy developing campaigns and improving the experience, and business units are churning out content for the digital channels, who is minding all your digital activity and addressing potential risks? The answer should probably be you: the legal, regulatory, or compliance team. With both the ear of leadership and a clear view of the big picture, you’re positioned to help digital stakeholders understand the opportunities and risks. In-house legal, regulatory, or compliance teams, as well as external counsel, should consider the sound policies.

Digital Marketing

You live in a complex world of competing priorities including maximizing multichannel marketing, personalizing the customer experience, and measuring marketing data and analytics. Your job is understanding the customer and their brand’s value to them, not understanding every law and regulation in local markets. Digital policies will help you understand exactly what to do and what not to do in each market. So, you’re free to be creative and innovative within those known parameters. 

Information Technology

At some organizations, entire policy areas are delegated to IT with the thinking that policies on technology require technical expertise. While there are policies that IT should rightfully author and implement, for digital initiatives to be successful, you must involve all aspects of the business in policy development. 

Business Units/Content Creators

Unlike any other department, individual business units have the most insight on what the organization delivers into the marketplace. This is where great ideas are born, where customer problems are solved, and where content originates from deep insight. However, this is also where content can veer off-brand or place the business at risk. Good digital policies help business units and owners deliver good digital content.