This is how we protect our customers’ privacy
Streaming, surfing, calling – our millions of customers entrust us with their personal data, details of their online activities and their invoicing information. As a telecom provider, we therefore have to bear a high degree of responsibility. That is why we protect all of that data and information as well as we possibly can and apply high standards in that regard. Our customers’ privacy comes first in any choices that we make.
TEAM AND CHAMPIONS
We take your privacy seriously. That is the promise that we make to our customers and employees in our Ziggo and Vodafone privacy statements – and anyone can call us to account in that regard. VodafoneZiggo’s privacy specialists are therefore working day-in, day-out to protect our customers’ data. And they are not alone. In all parts of our organisation, we have our privacy champions, employees with additional expertise and experience who keep a watchful eye within their team to identify any issues concerning privacy. In 2021, they received additional training to enable them to fulfil their role as privacy ambassadors even more effectively. Together, they are also working to ensure that all other colleagues are aware of privacy issues. All new employees are also required to undergo training on the subject of privacy and security as part of their onboarding at VodafoneZiggo.
THIS IS THE BASIS
The privacy of citizens is protected by means of laws and regulations. For example, it is prohibited by law to view the content of calls, text messages or internet traffic. That is a no-brainer as far as we are concerned. We also do not share any personal data with others, without obtaining permission.
An important development in 2021 was the new Telemarketing Act. As a company, you are only allowed to contact people by telephone about offers if they have given permission in advance. We are still allowed to call existing customers or customers who have recently left us without getting permission first. We do however have to offer customers an opportunity to unsubscribe from any commercial calls. We ran an intensive campaign to inform our employees and sales partners about this.
CUSTOMERS ARE IN CHARGE
We document our customers’ data by means of a personal privacy dashboard. That way, they can indicate how we are permitted to contact them. It is also very simple for customers to request a summary of the personal data we hold about them. In addition, they are also entitled to have (part of) their personal data deleted. In 2021, we received over one thousand privacy requests per month on average.
Sometimes, we received requests from government or from investigative authorities, such as the police, the Public Prosecutor’s Office or the Netherlands Tax and Customs Administration, asking us to share customer data with them. Requests of that type are evaluated by a dedicated team. We only respond to them if that is lawful and the request has been made based on a legally issued order. In such cases, we only provide the information that we are obliged to provide and are required to provide in accordance with the legally issued order. After all, our customers’ privacy is our first priority. That is why in 2021, we informed the Ministry of Finance and Stichting Brein that we would not process any requests for information that are not based on an order issued by a court of law.
PLANS PLACED UNDER THE MICROSCOPE
Clever ideas and new, innovative products are things that all of us get excited about. But we still scrutinise them bit by bit to make sure they do bring about any privacy risks. In 2021, we placed a few hundred initiatives under microscope and even if a team is thinking up new applications that make use of customer data, it must submit that idea for assessment by our Data Usage Board. This is a group of in-house experts that determines whether and in what form an idea can become reality. The Board always seeks answers to the following questions: can we do this, are we allowed to do this and is this something we actually want to do?
THE FUTURE OF PRIVACY
Privacy is and continues to be a hot topic, because the data revolution is still in full swing and an infinite number of new applications are being developed all the time. Our customers therefore also have an increasing number of online devices connected to their home networks – from thermostats to washing machines. We want to help our customers benefit from the opportunities and help them respond to the risks posed by that technology, by showing them how you can protect yourself more effectively against digital intruders. After all, privacy is an automatic right, but it isn’t something that simply arises by itself.
The risks posed by digitisation are also increasing on a higher level: there is a constant threat of espionage and sabotage by countries and professional criminal gangs. As a telecom provider, we take additional measures, such as the ones we are required to take in accordance with the ministerial regulation entitled ‘Security and Integrity of Telecommunications’. For us, privacy is an important item on the agenda, day-in and day-out.
The ability to exercise individual rights & freedoms (right of inspection, right to erasure and right to object)
Data Usage Requests (requests received from within our own organisation for permission to use data)
Data Protection Impact Assessments (DPIA)
Privacy by Design assessments (PIAs)
Supplier check on Privacy & Security
% of employees who have taken part in privacy e- learning
% of customer service employees who have taken part in e-learning on data breaches
% of data breaches that we reported to the Dutch DPA (following investigation and a consideration of the type/scope)
Number of fines or sanctions imposed in connection with a breach of privacy legislation
Cleaning up and plugging data leaks
Whenever data end up in the wrong place, it is known as a data leak. It may take the form of an e-mail that is sent to the wrong recipient, but the leak can also be of a higher magnitude and could involve a file containing customer data entering the public domain. Our goal is to limit the number of data leaks that occur and whenever a data leak does actually occur, we report it and chart it. We reported around 60% of data leaks to the Dutch Data Protection Authority. That is compulsory in the case of data leaks of a particular nature and magnitude. In order to continually reduce the number of data leaks, we restrict the use of certain functions. This reduces the likelihood of anything going wrong within the process.