Electronic document management/imaging systems (EDMS) are subject to the same rules and regulations as other information systems. However, being document-centric, applying these rules and regulations has its own particular characteristics. Anyone setting out to implement information privacy rules in their EDMS will need to bear this in mind. Moreover, success in translating information privacy rules into the domain of an EDMS will be essential to any information privacy initiative. Because an EDMS accounts for a great deal of the information captured and managed by many organizations, failure to address the peculiar challenges it raises could leave organizations vulnerable. Index data plays two roles with respect to privacy in an EDMS. An index form, therefore, should include a field that contains the name of the information type as it is named in the policy. The minimum necessary rule and the dual data structure of an EDMS require a flexible and comprehensive set of security-related features.