Digital Policies List

An accessibility policy is needed to ensure compliance with laws that dictate that digital channels such as websites or mobile applications are accessible to a broad audience—including those who are disabled. Some organizations that operate in countries where accessibility is not legally mandated might consider doing so anyway as a competitive advantage or to support their guiding principles (e.g., to better the lives of people).

Various regulations dictate what you can and cannot do when adver-tising products and services. This policy is intended to address those legal obligations and ensure you comply with regulations applicable to your industry, geographical operating country or region, and type of advertising.

As AI becomes commonplace in the daily lives of prospects and cus-tomers, your organization should consider not only whether and how to use the new digital capabilities, but also how it will develop select AI capabilities so as not to inadvertently introduce biases or bring about unintentional consequences (including legal and regulatory).

Peter Drucker once said, “You can’t manage what you can’t mea-sure.” That is just as true about digital. You need a documented policy on whether and how you will use analytics for your digital program and a clear identification of the associated metrics. Only then can your digital program succeed.

This policy ensures that the organization’s content is in line with its values—organizational, brand and perhaps customer—as well as with any applicable laws and regulations. It requires research into the laws, regulations and customs of the areas in which the organization operates, as well as a good bit of imagination on the part of the digital policy steward.

This policy addresses whether and how your organization will adopt the use of blockchain and other distributed ledger technologies and if so, what are the governing parameters and regulatory frameworks you will follow.

This policy addresses the importance your organization places on the various factors associated with your branding.

This policy addresses the way in which your organization collects, stores and processes personal data about children, but from the perspective of legal/regulatory requirements and your organization’s values. This is an especially important policy for multinational  organizations, because laws and regulations about children’s online privacy differ from country to country.

This policy is about the classification of information and digital systems within your organization to ensure the information is shared with the correct audiences and conversely, not shared when it ought to be kept within the confines of the organization or specific groups.

Data security doesn’t stop at your doors; it also applies to your vendors, service providers. So organizations at the Intermediate level need to scrutinize the practices of their third-party contractors as thoroughly as they scrutinize their own.

This policy addresses fair trade practices in the digital realm, encompassing things like fake user comments and fake sales. Understanding the laws that are applicable to your organization will enable you to better safeguard your legitimate rights and interests when faced with unfair competition online.

This policy identifies who has lifecycle responsibility for content development, publication, updating and deletion throughout all the  organization’s digital properties.

Cookies and tracking —e.g., hidden pixels in email—are used to collect personal data and track users’ online behavior. Not all countries require cookie and tracking disclosures, but many do have regulations requiring you to disclose cookies that are specific to an individual, and to disclose how, why and what you collect and which notifications and consents must be obtained from the user prior to collecting that data.

Policies in this category protect your organization’s intellectual  property and reassure consumers that you respect the intellectual property rights of others.

If you’re an online retailer or provider of B2C services, you ought to consider proactively protecting your organization’s name and online reputation by pursuing registration with an online dispute resolution (ODR) mechanism, such as the Better Business Bureau in the U.S. or the European Commission’s Online Dispute Resolution platform.

A data breach occurs when sensitive, protected or confidential information is stolen, accessed, or used without authorization. Every U.S. state, the European Economic Area (EEA), and several other countries all legally mandate timely data breach disclosure.

This policy addresses your approach to data management: how you structure it, label it and organize it. Your data is an extremely valu-able asset, but you can only realize that value if you can access and use the data when you need it—and do so easily.

This policy addresses where your data is physically stored, and how you transfer it from one location to another. It includes what your organization will do to comply with the various laws that prohibit or restrict the transfer of citizens’ data across borders.

Privacy policies are mandatory because you’re collecting data that can be used to identify an individual. Laws, including fed-eral and state laws in the US and various other countries, have provisions on data privacy.

This policy addresses how your organization will deal with information security. Specifically, it should describe the level of security the organization will strive for and the steps it will take to achieve those goals.

Various countries and regions have introduced regulations that give individuals the right to download and reuse their personal data for their own purposes across different services. Users are allowed to move, copy or transfer personal data easily from one organization to another.
Your organization ought to understand whether it is subject to any of these regulations—and if so, stipulate a policy about how you will comply.

This policy addresses how your organization will use its digital presence to take advantage of the growing popularity of online donations—via, for example, crowdfunding or patronage platforms. This will primarily affect nonprofits, although early stage for-profit organizations increasingly engage in fundraising efforts (if so, please consult your legal team first).

This policy addresses how your organization will manage its records. Accurate records are important for documenting, supporting, under-standing, and implementing organizational decisions.
Those records often also serve as legal documents—in which case they can be either an asset or a liability. In either case, it’s critical for everyone to be on the same page regarding the “official” version of all documents.

This policy addresses how an organization should identify, quantify, and present its digital activities in required financial documents (such as Forms 10-K or 10-Q). It’s another area where both the digital policy steward and subject matter experts need to stretch their imaginations to their limits in answering the question, “What could go wrong?”

This policy has two primary functions: Making sure your organization establishes ownership of all appropriate digital properties, and that all digital properties currently in use reflect well on your organization’s brand image.

This policy specifies how digital workers can effectively use email for marketing purposes, while remaining compliant with applicable laws/regulations, and avoiding reputational damage.

This policy is intended to protect your organization’s digital infra-structure in the event of a disaster. It should specify procedures you’ll follow to protect and recover from a natural disaster, malicious attack or other type of outage.

For many marketers, user-generated content (or UGC) is a dream come true—and it’s not hard to understand why. One reason is obvious: Free content frees up time and dollars for other campaigns. An-other reason is its effectiveness: Done right, UGC does a better job of increasing brand engagement than traditional promotional activities.[5]
In addition, users are twice as likely to share UGC than content generated by a brand. Not to mention that UGC can significantly boost SEO.
While this sounds like a win-win situation, it can also be your worst nightmare—if you don’t do it right.

The marketing of food products is regulated in some countries, especially when it involves marketing food products to children. In addition, your organization’s decisions about food marketing can impact your brand and your reputation.

An organization at the Expert level should already have a policy that addresses print documentation release and legacy electronic files. In most cases, such a policy can be expanded to cover digital content with little to no adjustments. But there are a few situations unique to digital; you should consider them and incorporate or update your e-discover, or Freedom of Information Ace (FOIA), policy accordingly.

Many nations have laws or regulations regarding the treatment of patients’ health information. In the U.S., health information is governed HIPAA. Other countries have similar laws.
Any organization dealing with an individual’s personal health  information—whether you’re a healthcare provider, an insurer or a provider of professional services such as billing—needs to take its policies in this area very seriously.

This policy addresses the behind-the-scenes aspect of an organization’s digital presence. It covers things like where and how your digital properties will be hosted and whether content will be stored onsite or in the cloud.

We’ve already covered policy considerations related to where your data is stored. This policy addresses where live content is  hosted—e.g., where your website is.
If you feel inclined to merge the two policies, feel free to do so. I’ve been challenged by book collaborators on this issue more than several times—and held my ground as you can see! But hosting of a website is potentially quite different from storage and hosting of content. This policy prevents the possibility of hosting a service with a sub-par vendor, or of an employee standing up a server under their desk in the name of delivering a crucial micro campaign. Think it can’t happen? Just last year I accidentally tripped on a cord under my cli-ent’s desk. The site was down for 37 minutes!

Many governments, including the U.S. government, have laws or regulations governing the export of certain technologies, including lists of countries and individuals to whom those technologies cannot be sold or transmitted.

This policy addresses the level of service excellence your organization is committed to providing, as well as your commitment to ethical business practices. Any organization at the Expert level should al-ready have such an integrity statement. This policy addresses how that statement should be published across the organization’s digital channels.

This policy specifies which languages and cultural conventions the organization will use in its digital channels and how, when or wheth-er the organization will dedicate resources to translate and localize content.

This policy should be developed and placed to ensure that all your digital channels have the content required to satisfy both regulatory requirements and best practices.

Illegal use of digital media that belong to another organization can result in lawsuits, government audits and associated fines—as well as damaged reputation.

Digital marketing communications and online products and services present great opportunities. But they also come with a price tag to the organization from a time and fiscal investment to foregone opportunities. Performance measurement and reporting is about understanding how well digital is doing, given the resources allocated by the organization.

This policy addresses the usability of your digital content. The purpose is to keep the user’s needs top of mind when writing content for your digital channels. For many organizations, that means  “unlearning” rules regarding use of academic language or legalese.

This policy focuses on where, when and how you advertise your brand or products. This is an extremely important topic from legal, regulatory and branding perspectives.

Everyone has their own sense of what SEO is, and even more so when it comes to the definition of good SEO. There is so much bad advice floating around—much of it was good advice once, but is now obsolete or even counter productive.

This policy specifies whether and how such notifications should be made digitally (a requirement in some countries).
Any Expert-level organization (and any publicly traded organization, Expert or not) should already have a policy in place regarding forward-looking statements and investor clauses. Some jurisdictions require that forward-looking statements and investor clauses be published via an organization’s website (e.g., U.S., Belgium). So this policy should address where web-equivalent of a print version of the statements will be housed.

This digital policy is intended to guide employees into correctly balancing their rights to free speech and personal use of social media, while also protecting the brand and reputation of your company.

This policy addresses the organization’s approach to official social media channels as well as the management of and response to any social media crises.

This policy is intended to ensure organizations that sell products carry over their supply chain compliance statement into the digital channels and thus comply with supply chain and antislavery laws.

This digital policy specifies who will or won’t do what when it comes to digital systems development. The policy addresses the chosen development methodology (e.g., waterfall, agile) that allows digital operations to be managed in a predictable and efficient manner— especially where dispersed or global teams are concerned.

This policy defines the start-to-finish process for purchasing and sub-scribing to digital technology (e.g., a CMS, social media listening tools, tools for analytics, database management tools, code repositories).  It also identifies the various roles involved in the process.

Virtual and crypto currencies and the emerging markets they are creating are a great opportunity for many organizations, but they also are associated with potential risks. With no central government and little to no regulations in place, you ought to consider a myriad of speed bumps in this new currency superhighway. Investor protection, asset security, high value heists, human error and forgetfulness around the intangible nature of asset class make this a vault of risks which you should think about before jumping in.

e-Detailing and healthcare marketing are regulated in the life sciences industry. Regulations apply to organizations using digital marketing to promote products and services to healthcare practitioners or to other individuals—including patients and prospective patients.
You should develop a digital policy in response to those regulatory requirements and how the organization will operate within the con-fines of the requirements. The policy should be based on the organization’s geographical target area (e.g., residence of those whom the marketing campaigns target).