ISO27001 states that “The organisation shall identify and meet the requirements regarding the preservation of privacy and protection of PII according to applicable laws and regulations and contractual requirements.” (A5.34 – Privacy and protection of PII).
PII is a term more often used in the USA, but in the UK we tend to talk about 'Personal Data'. They are not the same thing.
This is an important policy, because in truth we can't protect information if we're not protecting Data (Data comes first, then we get information from the data).
Our policy is designed to simplify and bring to life a topic which many people have heard of but don't truly understand.
About our policies
This policy is written with the end-user in mind. It is not complicated, and it is written in 'plain English'. It's important to note that ISO27001 mandates key policies (where a control has been selected), but it does NOT mandate that the policies are BORING!
Keep the audience in mind. Don't reveal too much in your policies (i.e. don't mention specific technologies, as these may change over time).
Keep. It. Simple.
Data Protection Policy
Hey, we're not going to go all 'legal' on you here... that's not our style. But this is our Intellectual Property, and we'd prefer it if you didn't go sharing this with other people who haven't spent the money and bought a copy.
Of course, we can't really stop you... But are you that kind of person? We don't think you are. So if you want to tell people about your newfound super power of ISO27001-Awesomeness, great... just don't give it away for free!