A succinct ~2-page information security policy template concerning the determination of permissions and rights for access to information.
 
The policy distinguishes between permissions and rights:
Permission to access and use information should only be granted to trustworthy people and organisations for legitimate purposes;
Rights are mandatory and must be respected. 
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.