While it may seem that all nonprofit sites deal with the same issues regarding privacy, the reality is no two organizations are identical. On the surface, another organization may appear to engage in similar activities as yours, but the truth is that the way the information is processed, shared and utilized will certainly differ.
The second part, “do what you say”, is more of a challenge. Simply stating the policy is not enough – you must adhere to the policies and procedures as described. Your organization will be held accountable for any failure to meet its own written standards, thus it’s imperative that everyone in the organization understand what they should be doing – and equally important, what they should not be doing.