Privacy policies that work in the real world.

Strong privacy programs start with strong policies.‍

Our policy and program development services are designed to take the pressure off your team. We don’t just advise, we do the work. From drafting new policies to reviewing existing ones for compliance, we ensure your documents are clear, practical, and aligned with legal and organizational requirements.

You can count on us to keep projects moving, meet deadlines, and provide support in the way that works best for you—whether that’s leading development from start to finish, collaborating closely with your team, or stepping in to review and refine. With flexible, end-to-end support, we make sure your policies and programs are both compliant and effective.

What we offer

We work with organizations across sectors to build privacy policies that are:
‍
• Clear and easy to follow
• Tailored to your operations and risk profile
• Aligned with Canadian, US, and/or international privacy requirements

You can count on us to:

• Draft custom policies that fit your organization’s structure and workflows
• Review and revise existing policies with clear, practical recommendations
• Build tailored policy packages designed for your sector and jurisdiction
• Ensure alignment with key laws and frameworks

Types of policies we develop and support include:

Core Privacy Policies Privacy
• Policy (public-facing, e.g., website)
• Internal Privacy Policy (for staff and contractors)
• Consent Management Policy
• Data Collection, Use & Disclosure Policy
• Data Retention & Destruction Policy
• Data Accuracy & Correction Policy

Information Security & Access Access
• Control & User Management Policy
• Authentication & Password Management Policy
• Data Classification & Handling Policy
• Encryption & Secure Transmission Policy
• Device & Remote Work Privacy Guidelines (e.g., BYOD)
• Third-Party & Vendor Privacy Policy/Clauses

Health Information Privacy
• Personal Health Information (PHI) Handling Policy
• Patient/Client Confidentiality Policy
• Health Records Access & Disclosure Procedures
• Health Data Sharing & Research Policy
• Safeguards for Electronic Health Records

HR & Workplace Privacy
• Employee & HR Privacy Policy
• Workplace Monitoring & Surveillance Policy
• Recruitment & Background Check Privacy Policy
• Payroll & Employment Records Privacy Procedures
• Bring Your Own Device (BYOD) & Remote Work Privacy Guidelines

Breach Management & Incident Response
• Privacy Breach Response Procedure
• Incident Reporting & Escalation Procedure
• Breach Notification Policy (internal & external)
• Disaster Recovery & Business Continuity Plan (with privacy considerations)

Operational & Program-Specific
• Cookie & Tracking Technologies Policy
• Social Media & Communications Privacy Guidelines
• Data Subject Rights Procedure (access, correction, erasure, portability)
• Privacy Training & Awareness Policy

Why choose PrivacyWorks privacy solutions?

Led by senior privacy professionals

You’ll find our work behind the scenes in ministries, Indigenous organizations, health authorities, and more.

Flexible support to fit your needs

Whether you’re building from scratch, tightening up documents for a new audit, or updating policies to meet new legislation, we tailor our level of support to match your goals.

Up-to-date and jurisdictionally informed

Our team tracks federal, provincial, and international requirements closely, so your policies are always defensible and compliant.

Built around how you work

We craft policies that fit your organization’s day-to-day operations not just theoretical best practices. When policies reflect real workflows, teams are more likely to follow them.

Policy Development