employee privacy in a global company sandra kelman privacy manager (asia pacific) privacy issues...
TRANSCRIPT
![Page 1: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/1.jpg)
Employee privacy in a global company
Sandra Kelman
Privacy Manager (Asia Pacific)
Privacy Issues Forum
30 March 2006
![Page 2: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/2.jpg)
Context
• BP is of one of the world's largest energy companies, providing its customers with fuel for transportation, energy for heat and light, retail services and petrochemicals products for everyday items
• Over 100,000 people work in 100 countries across six continents
• Exploration activities cover 26 countries
• 27,800 service stations serve around 13 million customers each day
• “Mega data centres” in Singapore, Houston & London
![Page 3: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/3.jpg)
Structure
Digital Communications & Technology
• Digital Security Strategy – Compliance (Privacy & Data Protection)
• Compliance Manager
• 4 Privacy Managers (UK & Western Europe, Germany & Eastern Europe, Americas, MoW)
• Data Privacy Co-ordinator in each country (Privacy Officer)
![Page 4: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/4.jpg)
Foundation Documents
• Privacy & Data Protection Policy & Security of Information Policy
• International Intra-Group Data Protection Agreement
• Codes of Practice (applied globally)
• Fair Processing Statements
• Employee Code of Conduct
![Page 5: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/5.jpg)
Privacy & Data Protection Policy
• Applies where no local legislation
• Ties in with IGA
• Based on EU Data Protection Directive
• Principles for information processing
• Rights and responsibilities
• On Intranet – provided in induction phase
Security of Information Policy
Retention Guidelines/Schedules
![Page 6: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/6.jpg)
International Intra-Group Data Protection Agreement (IGA)
• Signed off by Country President
• Permits individual BP operations to meet legislative obligations where data transfers are regulated
• Allows trans-border data flows via gaining the consent of individuals through the issue of a Fair Processing Statement (FPS)
• Commits businesses to respect relevant local legislation
• Creates a common business standard through implementing the Global Data Protection Policy.
Implementation
• Designate a Country Data Protection Coordinator (full or part-time)
• Education & Support
• Compliance through monitoring
![Page 7: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/7.jpg)
Codes Of Practice
CCTV
• Consistent application
• Model signage
• 40 pages
Employment
• UK model
• Suggested standards
• 91 pages (plus supplementary guidance)!
![Page 8: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/8.jpg)
Fair Processing Statements
• Information for employees about information collected, held and its uses
• Authority to process information as described
• Explanation of data held in HR systems
• Third Party Processor’s privacy notice (UK)
• Campaign to issue one to each BP employee – new and existing!
![Page 9: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/9.jpg)
Code of Conduct
• “Our Commitment to Integrity”
• Specifically refers to privacy
– “…there should be no gap between what we say and what we do…”
– Misuse of information
– Privacy and employee confidentiality
– Data quality
– Protecting BP’s assets (includes information)
– Intellectual property
– Security
![Page 10: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/10.jpg)
Privacy Quiz
![Page 11: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/11.jpg)
Privacy Quiz 2
![Page 12: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/12.jpg)
Privacy Quiz 3
![Page 13: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/13.jpg)
Privacy Compliance Audits
• Use UK Information Commissioner’s methodology
• Adapted for local legislation or BP Privacy Policy
• “Heavy” and “Light”
• Monitor privacy compliance at that time
• Interviews with staff – functions or processes
• Audit report – non-compliances and observations
• Risk Register – checks follow up actions
![Page 14: Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006](https://reader036.vdocuments.mx/reader036/viewer/2022062421/56649da25503460f94a8e7f1/html5/thumbnails/14.jpg)