
Employee privacy in a global company

Learn about BP's comprehensive privacy policies, data protection agreements, and employee codes of conduct. Discover how they navigate privacy issues in a multinational setting.

mjeanne

Presentation Transcript


  1. Employee privacy in a global company
     Sandra Kelman, Privacy Manager (Asia Pacific)
     Privacy Issues Forum, 30 March 2006

  2. Context
     • BP is one of the world's largest energy companies, providing its customers with fuel for transportation, energy for heat and light, retail services and petrochemicals products for everyday items
     • Over 100,000 people work in 100 countries across six continents
     • Exploration activities cover 26 countries
     • 27,800 service stations serve around 13 million customers each day
     • “Mega data centres” in Singapore, Houston & London

  3. Structure
     • Digital Communications & Technology
     • Digital Security Strategy – Compliance (Privacy & Data Protection)
     • Compliance Manager
     • 4 Privacy Managers (UK & Western Europe, Germany & Eastern Europe, Americas, MoW)
     • Data Privacy Co-ordinator in each country (Privacy Officer)

  4. Foundation Documents
     • Privacy & Data Protection Policy & Security of Information Policy
     • International Intra-Group Data Protection Agreement
     • Codes of Practice (applied globally)
     • Fair Processing Statements
     • Employee Code of Conduct

  5. Privacy & Data Protection Policy
     • Applies where no local legislation
     • Ties in with IGA
     • Based on EU Data Protection Directive
     • Principles for information processing
     • Rights and responsibilities
     • On Intranet – provided in induction phase

     Security of Information Policy

     Retention Guidelines/Schedules

  6. International Intra-Group Data Protection Agreement (IGA)
     • Signed off by Country President
     • Permits individual BP operations to meet legislative obligations where data transfers are regulated
     • Allows trans-border data flows via gaining the consent of individuals through the issue of a Fair Processing Statement (FPS)
     • Commits businesses to respect relevant local legislation
     • Creates a common business standard through implementing the Global Data Protection Policy.

     Implementation
     • Designate a Country Data Protection Coordinator (full or part-time)
     • Education & Support
     • Compliance through monitoring

  7. Codes Of Practice

     CCTV
     • Consistent application
     • Model signage
     • 40 pages

     Employment
     • UK model
     • Suggested standards
     • 91 pages (plus supplementary guidance)!

  8. Fair Processing Statements
     • Information for employees about information collected, held and its uses
     • Authority to process information as described
     • Explanation of data held in HR systems
     • Third Party Processor’s privacy notice (UK)
     • Campaign to issue one to each BP employee – new and existing!

  9. Code of Conduct
     • “Our Commitment to Integrity”
     • Specifically refers to privacy
     • “…there should be no gap between what we say and what we do…”
     • Misuse of information
     • Privacy and employee confidentiality
     • Data quality
     • Protecting BP’s assets (includes information)
     • Intellectual property
     • Security

  10. Privacy Quiz

  11. Privacy Quiz 2

  12. Privacy Quiz 3

  13. Privacy Compliance Audits
     • Use UK Information Commissioner’s methodology
     • Adapted for local legislation or BP Privacy Policy
     • “Heavy” and “Light”
     • Monitor privacy compliance at that time
     • Interviews with staff – functions or processes
     • Audit report – non-compliances and observations
     • Risk Register – checks follow up actions
