We regard privacy as a human right and are fully committed to protecting personal data and keeping consumers, employees and other stakeholders fully informed about how this data is processed. Our approach includes having a clear, robust policy in place and engaging closely with the industry.
At a glance
- In 2013, we completed privacy compliance assessments on many of our websites; and
- We’re also working with our key technology partners to decide exactly how personal data should – and should not – be used in marketing activities.
What we’re doing
- Only be processed for specific and legitimate business purposes;
- Be processed fairly and lawfully;
- Be properly managed;
- Be protected against unauthorised processing and damage;
- Be accessible when in the form of data collections; and
- Not be transferred to third parties or other countries without adequate safeguards.
From the detailed consumer privacy audits we have completed in our IT operations and in selected markets, we identified inconsistencies in the way we inform consumers of their privacy rights. We have therefore decided to simplify and clarify our privacy notices across our large number of digital assets.
We have also renewed our internal Digital Privacy and Hosting standards to provide better security assurances to our consumers, and our Group Information Systems/ Information Technology security committee, which meets quarterly, oversees data management.
The global privacy landscape is constantly changing. With this in mind, we closely monitor changes in the regulatory environment and come up with scalable solutions that meet our consumers’ expectations.
We’re also working with our key technology partners to decide exactly how personal data should – and should not – be used in marketing activities. We believe that, if in doubt, we should always presume that consumers would prefer privacy.
We will continue to engage with the industry, and with our stakeholders, to make sure we are at the forefront of changes in the regulatory environment. A key focus is our work towards obtaining ISO 27001 certification for our consumer relationship management systems. ISO 27001 is the best practice specification that helps businesses and organisations throughout the world to develop an information security management system.
Our long-term goal is to make privacy part of everyone’s mind-set, rather than the responsibility of a specific individual or group.
Find out more in our full Creating Shared Value report (pdf, 15Mb):