What we need to know

  • We hold significant personal data on all of our customers and employees and we have an obligation to protect it and only use it for legitimate business purposes
  • Personal data includes employee, customer and Business Partner information such as phone numbers, e-mails, addresses, locations, call and payment history, salaries and health information
  • All personal data is to be considered confidential
  • Responsible use of personal data is instrumental in maintaining our customers’ trust.

What is expected of us

  • We do not share personal data with anyone who does not have a specific business purpose, unless sharing the data has been authorized or is legally required
  • We only access personal data for a specific business purpose and we do not look up data about someone we know
  • We are open and honest with our customers and employees about how we use their data
  • We ensure that data is not processed without proper access control, security and data protection
  • We are aware of our responsibilities related to privacy when we lead projects or initiatives that involve personal data processing
  • We follow established privacy procedures and processes.

What to look out for

  • We become aware of unauthorized access to personal data, including sharing of data with third parties without appropriate privacy safeguards in place
  • We realize that we are collecting data about our employees or customers which they would not reasonably expect us to collect or use in this way
  • We become aware that the personal data of our employees or customers is being used in a way that may be considered intrusive
  • A government official requests information about an employee or a customer, including business records without following proper procedure
  • We observe anything that leads us to believe that any personal data has been or may be compromised.

Resources and Tools