
Understanding Privacy & Code Of Conduct: Complete Guide

Sanju Kumari
9 May 2024
17 min read

Thanks to rapid digitization, in today's world, protecting personal information and acting ethically are more important than ever. By following clear rules about privacy and code of conduct, organizations can build trust with their customers, employees, and partners. This trust is essential for success.

When companies respect privacy and act ethically, they avoid legal trouble and keep their reputation intact. A strong code of conduct also helps create a positive work environment where everyone feels respected and valued. Let’s understand privacy and the code of conduct in detail, learn how they benefit companies, and explore some applicable US laws.

What is Privacy and Code of Conduct (COC)?

In the context of business organizations, privacy and a code of conduct are two fundamental pillars. They help establish ethical and professional behavior within the corporate world.

Let's understand both these terms individually:

Privacy

In simple terms, “privacy” is the fundamental right of individuals to control how their personal information is collected and used. In the corporate world, this includes:

  • Employee records
  • Customer data
  • Financial information, and
  • Any other sensitive data

Organizations must have robust privacy policies in place to safeguard this information. Failure to do so commonly leads to:

  • Breaches of trust with stakeholders
  • Legal ramifications due to non-compliance with privacy laws and regulations

Code of Conduct

We can consider the code of conduct as a framework for:

  • Ethical guidelines, and
  • Behavioral standards

These codes outline the expected conduct for employees within an organization and serve as a guide for professional behavior. Some common aspects covered by these codes include:

  • Conflicts of interest
  • Harassment
  • Confidentiality
  • Professional Conduct

How do codes of conduct vary across different sectors?

It must be noted that codes of conduct vary across different sectors and organizations. Wherever they are implemented, however, they serve as guiding principles for:

  • Ethical behavior and
  • Professional Conduct

Let’s have a look at some code of conduct examples to understand this variation:

  • Corporate Codes of Conduct
      • Microsoft Standards of Business Conduct
          • Microsoft's code outlines principles regarding integrity, compliance with laws and regulations, confidentiality, conflicts of interest, and ethical business practices.
      • Google Code of Conduct
          • Google's code emphasizes honesty, integrity, respect for others, compliance with laws, and accountability.
      • These codes guide employees on ethical behavior in their professional activities.
  • Industry-Specific Codes
      • American Medical Association (AMA) Code of Medical Ethics
          • This code provides guidelines for physicians on professional conduct, patient relationships, confidentiality, and ethical decision-making in medical practice.
      • American Bar Association (ABA) Model Rules of Professional Conduct
          • Lawyers adhere to these rules governing ethical conduct in their professional interactions.
          • This includes client confidentiality, conflicts of interest, and integrity in legal practice.
  • Governmental Codes
      • United Nations (UN) Code of Conduct for Law Enforcement Officials
          • This code outlines principles for law enforcement officers worldwide.
          • It primarily emphasizes respect for human rights, integrity, impartiality, and accountability.
      • U.S. Government Standards of Ethical Conduct for Employees
          • Federal employees must adhere to these standards, which cover conflicts of interest, gifts, outside employment, and use of government resources.
  • Academic Institution Codes
      • Harvard University Code of Conduct
          • Harvard's code sets expectations for student behavior, academic integrity, respect for diversity, and responsible citizenship within the university community.
      • National Association of Student Personnel Administrators (NASPA) Student Affairs Professionals Standards of Professional Practice
          • This code guides professionals in higher education on ethical conduct, professional development, and student advocacy.

How do organizations benefit by integrating privacy into the Code of Conduct (COC)?

Let’s look at the three most commonly realized benefits:

  • Benefit I: Building Trust
      • Companies committed to protecting sensitive information can build trust with customers, employees, and partners.
  • Benefit II: Legal Compliance
      • Integrating privacy into the COC helps ensure that the organization complies with relevant privacy laws and regulations.
      • This approach mitigates legal risks and ensures efficient risk management.
  • Benefit III: Positive Company Culture
      • A strong code of conduct promotes a positive company culture.
      • It encourages ethical behavior and creates a cohesive work environment where employees feel respected and valued.

Which laws shape the privacy policies and codes of conduct of US companies?

The US government has issued several laws and regulations that every organization has to follow while establishing their privacy policies and codes of conduct (COC). Let’s study some major laws:

General Data Protection Regulation (GDPR)

  • The GDPR is a European Union regulation
  • It sets stringent requirements for collecting, processing, and protecting personal data. 
  • While it's an EU regulation, it also applies to any organization worldwide that handles the data of EU citizens. 
  • This means US-based companies interacting with EU citizens must comply with GDPR data protection and privacy standards.

How does the GDPR apply to US companies?

The application of GDPR to US companies depends on two critical rules:

Rule I: Establishment in the EU

  • If a US company has any establishment in the EU, such as employees, agents, or branches, the GDPR regulations apply to the activities of that EU-based establishment.
  • This means that any personal data processing conducted by the EU-based establishment must comply with GDPR standards.

Rule II: Offering Goods or Services to EU Residents

  • GDPR applies to a US company that:
      • Offers goods or services to individuals in the EU, or
      • Monitors the behavior of individuals in the EU
  • This holds true even if the US company has no physical presence in the EU.
  • Common examples of this scenario include:
      • A US company operating a website accessible to EU residents
      • A US company engaging in online advertising targeting EU audiences

Some key points to note

  • The GDPR applies based on the location of the data subject (the EU resident).
  • Its applicability is not determined by the company's own location or citizenship.
  • US companies that interact with or monitor EU citizens must adhere to GDPR standards regarding:
      • Data protection
      • Privacy policies
      • Consent
      • Data subject rights, and more
  • Non-compliance with GDPR regulations can result in significant penalties.

California Consumer Privacy Act (CCPA)

  • The CCPA is a California state law.
  • It is designed to give consumers more control and transparency over the personal information that businesses collect.
  • It requires companies to:
      • Disclose their data collection practices, and
      • Allow consumers to opt out of the sale of their personal data
  • While it's a state law, its impact extends beyond California, as many businesses operating in the US adapt their practices to comply with CCPA standards.

Health Insurance Portability and Accountability Act (HIPAA)

  • HIPAA is a federal law
  • It establishes national standards to protect sensitive patient health information
  • It mandates safeguards to ensure the confidentiality and integrity of protected health information (PHI)

Let’s have a look at some common types of safeguards mandated by HIPAA:

  • Technical Safeguards
      • Secure electronic PHI (ePHI) using firewalls, encryption, and other technologies
  • Administrative Safeguards
      • Policies and procedures that limit PHI access to authorized personnel
      • Employee training on privacy and security practices
      • Risk assessment and management processes
  • Physical Safeguards
      • Locking up physical records and devices containing PHI
      • Controlling access to facilities where PHI is stored or accessed

Code of Conduct vs. Code of Ethics

Both codes of conduct and codes of ethics have distinct characteristics and purposes. Often, they work together to:

  • Promote ethical behavior
  • Guide individuals and organizations in upholding:
      • Moral standards
      • Values in their actions and decisions

Let’s compare both these terms on several broad parameters:

What do they mean?

Code of Conduct

  • A code of conduct is a set of rules and guidelines.
  • These outline expected behaviors and standards of conduct for individuals within an organization.
  • It typically addresses specific actions and behaviors related to:
      • Professional conduct
      • Interactions with colleagues and clients
      • Compliance with laws and regulations
      • Adherence to organizational policies

Code of Ethics

  • A code of ethics, on the other hand, is a broader set of principles and values.
  • These guide individuals or organizations in:
      • Making ethical decisions, and
      • Conducting themselves in a morally upright manner
  • These codes reflect the fundamental beliefs and moral philosophy of the organization.
  • Most ethical codes focus on principles such as:
      • Honesty
      • Integrity
      • Fairness
      • Respect
      • Social responsibility

How do they distinguish themselves?

  • A code of conduct focuses on specific behaviors and actions within a particular context, such as:
      • Workplace behavior
      • Professional conduct within a specific industry
  • It often includes rules and guidelines for:
      • Resolving conflicts of interest
      • Maintaining confidentiality, and
      • Adhering to legal and regulatory requirements
  • In contrast, a code of ethics addresses broader ethical principles and values.
  • It guides decision-making across various situations and contexts.

  • Codes of conduct are more detailed and specific.
  • They provide clear guidelines for expected behaviors and actions.
  • They include rules and protocols for handling specific situations or scenarios.
  • In contrast, codes of ethics, while also providing guidance on behavior, are more general.
  • They may not offer detailed prescriptions for every possible situation.

  • Codes of conduct are often enforceable through disciplinary measures within the organization, such as:
      • Warnings
      • Reprimands, or
      • Termination of employment
  • In contrast, codes of ethics are usually not legally enforceable.
  • They commonly serve as aspirational standards that individuals or organizations strive to uphold.
  • Violations of ethical principles damage reputation or trust, but these violations do not result in legal consequences.

How do codes of conduct and codes of ethics complement each other?

While codes of conduct and codes of ethics serve different purposes and have distinct scopes, they are often interrelated and complementary. In most cases, a code of conduct is grounded in the ethical principles outlined in a code of ethics. This integration provides practical guidance on how to apply those principles in everyday situations.  

What is a privacy code?

A privacy code, also known as a privacy policy, is a set of guidelines and principles established by an organization. These codes help organizations in:

  • Governing the collection, use, disclosure, and protection of personal information
  • Efficiently handling sensitive data
  • Ensuring compliance with:
  • Privacy laws
  • Regulations, and
  • Best practices

A privacy code's primary purpose is to protect individuals' privacy rights. Let’s have a look at some important elements of a privacy code:

  • Data Collection and Use
      • Clearly define:
          • What types of personal information the organization collects
          • Why the personal information is collected
          • How the collected personal information will be used
  • Consent
      • Specify how consent is obtained from individuals for the collection, use, and disclosure of their personal information.
      • Organizations must give their users the right to withdraw consent.
  • Data Security
      • Establish measures and safeguards to protect personal information from:
          • Unauthorized access
          • Disclosure
          • Alteration, or
          • Destruction
  • Data Retention
      • Outline the retention periods for different types of personal information.
      • Define procedures for securely disposing of data when it is no longer needed.
  • Data Sharing and Disclosure
      • Describe the circumstances under which personal information may be shared with third parties.
      • Establish safeguards to ensure its confidentiality and security.
  • Data Subject Rights
      • Inform individuals of their rights regarding access, correction, and deletion of their personal information.
  • Compliance and Accountability
      • Commit to complying with applicable privacy laws and regulations.
      • Designate responsible individuals or departments to oversee privacy compliance efforts.
  • Transparency
      • Provide clear and accessible information about the organization's privacy practices.
      • Always include contact information for inquiries or complaints.

What are some common real-life examples of privacy codes?

Organizations from different sectors and industries maintain their privacy commitments through privacy codes or policies. Let’s look at how some prominent organizations do so:

  • Facebook Privacy Policy
      • Facebook's privacy policy outlines how the platform collects and protects user data.
      • It also covers information about:
          • Privacy controls
          • Data sharing with third parties, and
          • User rights
  • Apple Privacy Policy
      • Apple's privacy policy details its commitment to protecting user privacy.
      • It commonly includes several approaches, such as:
          • Data minimization
          • Encryption, and
          • Transparency about data practices
  • Google Privacy Policy
      • Google's privacy policy explains how it collects and uses personal information across its various products and services.
      • It also outlines the options available for controlling:
          • Data sharing, and
          • Privacy settings
  • Amazon Privacy Notice
      • Amazon's privacy notice informs users about its data collection practices.
      • This notice usually covers information about:
          • Cookies
          • Device identifiers, and
          • Data sharing with Amazon affiliates and third-party partners


Privacy and code of conduct (COC) hold paramount importance for organizations worldwide. Thanks to a rapid increase in the digitization of information, having robust privacy measures to safeguard personal data has become a necessity. Organizations must strive to comply with legal regulations like GDPR and CCPA and show their commitment to upholding privacy standards. 

Furthermore, by developing a culture of integrity and accountability through clear codes of conduct, organizations can also create ethical work environments. These not only attract and retain talent but also enhance employee engagement. 

Frequently Asked Questions (FAQs)

What is a code of conduct?

A code of conduct is a set of rules or guidelines. They outline the following:

  • Expected employee behavior
  • Standards of conduct for individuals or organizations
  • Expectations for ethical behavior

Are ethical codes of conduct legally enforceable?

In most cases, ethical codes of conduct are not legally enforceable. However, violating ethical codes may lead to legal consequences if it breaches:

  • Contractual agreements
  • Employment terms, or
  • Industry regulations.

How should companies handle the personal information of their customers?

Companies should handle the personal information of their customers in accordance with privacy laws and regulations. This includes:

  • Implementing robust data protection measures
  • Obtaining explicit consent for data collection and usage
  • Limiting access to personal data to authorized personnel only
  • Regularly updating security protocols

What privacy laws apply to US companies?

Some key privacy laws applicable to US companies include:

  • The General Data Protection Regulation (GDPR) for handling data of EU residents
  • The California Consumer Privacy Act (CCPA) for California residents
  • The Health Insurance Portability and Accountability Act (HIPAA) for protecting health information

Sanju Kumari

Sanju has a wealth of experience and expertise in instructional design, bringing innovative ideas and a fresh perspective to e-learning content development. She is passionate about merging technology and creativity for dynamic e-learning. Her passion for creating engaging and effective learning experiences aligns perfectly with Calibr's commitment to excellence. She also enjoys writing about e-learning trends in the corporate world.