Best Practices - Transparency and Consistency
Once you understand what you want and need to do and have set your policies, you have to be transparent in articulating them. Then it is a matter of consistency. The frontend disclosures of policies must match the backend implementation and enforcement of those policies.
And processes and procedures to ensure consistency, oversight and enforcement must be decided on, implemented and managed, including the ability to update and improve them when necessary. Final policies should be cleared by legal, HR, PR and marketing, security and IT and privacy professionals advising the company, including those advising in international or special risk capacities.
To the extent there are hard and fast best practices relevant to a policy, it will should be clearly articulated in both outward-facing written policies and in behind he scenes practice guides.
Remember that the core of most best practices merely requires that you consider a risk and define your approach to that risk, articulating your decision to internal and external stakeholders. If you aren't doing it, don't say you are. And if you're doing it, tell them. It's that simple.