All agencies that handle personal information need to have internal and external privacy policies in place. The internal policies set process and expectations for staff to ensure that they get privacy right. The external policy - or privacy notice - is about being transparent with customers about how your agency collects, uses and protects personal information. They all need to be simple, engaging and plain English.
While you can of course create or borrow boilerplate policies from other agencies (there are plenty of examples online), these will not ultimately deliver because they won't mean anything to staff or customers. More importantly, as agencies strive to show accountability and build trust, their external privacy communications are becoming more critical to customer growth and retention.
We've drafted privacy policies and notices for countless agencies, and we take pride in making them creative and engaging, while of course ensuring that they meet our clients' legal obligations. We think our policies inject some fresh thinking into what can often be a stale compliance approach.