Policy Template Form

(found on page 11 of report)

Title:
Owner(s) (Unit and Sub-Unit or Position): Original Date of Approval: Revision Date(s):
Approved by: Review Cycle:

BACKGROUND/PURPOSE:

Address the following:

  • Why does the policy exist?
  • What are the driving and/or extenuating circumstances that require this particular policy in addition or exception to general Library policy?
  • Is the context provided, such as legal requirement versus professional ethics?

 

POLICY STATEMENT:

The following should be addressed as applicable:

 a.  Notice/Awareness

  • How are users and patrons informed of and directed to this policy?
  • How are Library Faculty and staff informed of and directed to this policy?
  • How are changes to the policy vetted and communicated?
  • Are the following points addressed and to what extent?
    • identification of the entity collecting the data; identification of the uses to which the data will be put;
    • identification of any potential recipients of the data;
    • the nature of the data collected and the means by which it is collected;
    • whether the provision of the requested data is voluntary or required;
    • steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.

 b.  Choice/Consent

  • Are options for opting in and/or opting out clearly explained?
  • If options for opting in and/or opting out do not exist, is this clearly indicated?
  • If choice/consent is limited (e.g., does not extend to third-party services) is this clearly explained?

 c.  Access/Redress

  • Can an individual access data on himself or herself
  • Can an individual contest the data’s accuracy and completeness?
  • If users have the ability to examine and/or revise their personal data, is the procedure clearly explained?
  • If users do not have the ability to examine and/or revise their personal data, is this clearly indicated?
  • What are the problems or limits to the user in accessing their personal data?

 d.  Integrity/Security

  • Does the policy specify:

how data is protected
who has access to the data
how long the data is kept
whether it is anonymized

  • If data collected is to be used for research purposes, is that stated?

 

 e. Other Aspects of Content

  • Is the content of the policy accurate?
  • Is the policy up-to-date (note last reviewed date)?
  • Is it clear whether it is a policy or a procedure?
  • Is it specific enough?  Is it too specific?
  • Do links to documents or other information sources referenced within the policy still work?

 

DISCLAIMERS/SCOPE (AS NEEDED)

 To be addressed as needed: 

  • Does the policy cover all relevant situations?  If not, are exceptions clearly explained?
  • Does the policy make clear when a third-party data provider is involved, and provide a link to the third-party entity’s relevant policies? 
  • Does the policy indicate how the involvement of third parties constrains the Library’s ability to control data content and use?

 

SUMMARY OF CHANGES

A brief summary of significant changes to existing documents. Please include the last revision date and title of the document being replaced.

 

DOCUMENT APPROVAL & TRACKING

 

Item

Contact

Date

Departmental or Committee Ownership
Responsible Position [Administrator, Unit Head or Chair]
Departmental or Committee Approval
AC or EC Approval
University Librarian Approval

 

 

Appendix 3a:  Style Guidelines and Other Considerations for Privacy Policy Development

Style Guides:

  1. Use the clearest and simplest language.
  2. Include links to related policy and procedures, rather than repeating content from other sources, which may go out of date.
  3. State each item in the future (e.g. “the staff member will report such incidents to…”) or imperative (e.g. “Report such incidents to…”) tense.  Use the same tense throughout.
  4. Avoid over-use of jargon.
  5. Spell out acronyms the first time.
  6. Refer to people by position or role, not name.
  7. Is it in the right location on the website?
  8. Is it in the right category in the policy index?
  9. Is it linked from other appropriate web pages?
  10. Is it easily discoverable?
  11. Is the “official” version available as a downloadable PDF?

Other factors to consider:

  1. Is it in the right location on the website?
  2. Is it in the right category in the policy index?
  3. Is it linked from other appropriate web pages?
  4. Is it easily discoverable?
  5. Is the “official” version available as a downloadable PDF?