The Boston Bar Journal has published an article of mine on written information security policies, or WISPs, which are required in certain jurisdictions (such as Massachusetts) and are becoming increasingly important privacy and security tools for companies.  You can read the article here.