вход по аккаунту


Employee privacy in a global company

код для вставкиСкачать
Employee privacy in a global company
Sandra Kelman
Privacy Manager (Asia Pacific)
Privacy Issues Forum
30 March 2006
• BP is of one of the world's largest energy companies,
providing its customers with fuel for transportation, energy for
heat and light, retail services and petrochemicals products for
everyday items
• Over 100,000 people work in 100 countries across six
• Exploration activities cover 26 countries
• 27,800 service stations serve around 13 million customers
each day
• “Mega data centres” in Singapore, Houston & London
Digital Communications & Technology
• Digital Security Strategy – Compliance (Privacy
& Data Protection)
• Compliance Manager
• 4 Privacy Managers (UK & Western Europe,
Germany & Eastern Europe, Americas,
• Data Privacy Co-ordinator in each country
(Privacy Officer)
Foundation Documents
• Privacy & Data Protection Policy & Security of
Information Policy
• International Intra-Group Data Protection
• Codes of Practice (applied globally)
• Fair Processing Statements
• Employee Code of Conduct
Privacy & Data Protection Policy
• Applies where no local legislation
• Ties in with IGA
• Based on EU Data Protection Directive
• Principles for information processing
• Rights and responsibilities
• On Intranet – provided in induction phase
Security of Information Policy
Retention Guidelines/Schedules
International Intra-Group Data
Protection Agreement (IGA)
• Signed off by Country President
• Permits individual BP operations to meet legislative obligations
where data transfers are regulated
• Allows trans-border data flows via gaining the consent of
individuals through the issue of a Fair Processing Statement (FPS)
• Commits businesses to respect relevant local legislation
• Creates a common business standard through implementing the
Global Data Protection Policy.
• Designate a Country Data Protection Coordinator (full or parttime)
• Education & Support
• Compliance through monitoring
Codes Of Practice
• Consistent application
• Model signage
• 40 pages
• UK model
• Suggested standards
• 91 pages (plus supplementary guidance)!
Fair Processing Statements
• Information for employees about information
collected, held and its uses
• Authority to process information as described
• Explanation of data held in HR systems
• Third Party Processor’s privacy notice (UK)
• Campaign to issue one to each BP employee
– new and existing!
Code of Conduct
• “Our Commitment to Integrity”
Specifically refers to privacy
– “…there should be no gap between what we say and
what we do…”
– Misuse of information
– Privacy and employee confidentiality
– Data quality
– Protecting BP’s assets (includes information)
– Intellectual property
– Security
Privacy Quiz
Privacy Quiz 2
Privacy Quiz 3
Privacy Compliance Audits
• Use UK Information Commissioner’s
• Adapted for local legislation or BP Privacy
• “Heavy” and “Light”
• Monitor privacy compliance at that time
• Interviews with staff – functions or processes
• Audit report – non-compliances and
• Risk Register – checks follow up actions
Размер файла
497 Кб
Пожаловаться на содержимое документа