As Deloitte Global professionals, we regularly work with personal information or personal data.

Personal information may include a wide range of data, such as a professional’s name along with their personnel number, home address, photograph, location information, date of birth, or government identifier – all essential information that we need to do our jobs.

But we’re also surrounded by risks…

Misuse and unauthorized handling of personal information can cause considerable risk and damage for the individuals impacted, for Deloitte and for Deloitte clients.

And as if these risks weren’t enough, the consequences for unauthorized disclosure are also becoming more severe.

Privacy laws throughout the world are becoming much more stringent and expectations for the proper handling of personal information are increasing.

Deloitte Touche Tohmatsu Limited (DTTL), and its global network of member firms, must comply with these laws and ensure that the collection and use of personal information for business purposes adheres to these requirements.

DTTL and/or one or more of its member firms could become liable for significant damages, fines and expenses for failing to properly handle personal information, and in some cases may need to notify affected individuals or governmental authorities of a privacy incident.

In addition, the Deloitte brand and reputation may be damaged.

It’s more important than ever to take proper precautions.

There are many new and seemingly helpful applications such as survey and collaboration tools available for laptops and mobile devices.

However, Deloitte people should be aware that not all of these applications have been reviewed and approved by DTTL or its global network of member firms.

In addition, disclosures of personal information to unauthorized third parties could violate country privacy laws.

For these reasons, Deloitte people should only use Deloitte-approved applications.

In some cases, Deloitte has restricted use of such applications on Deloitte devices.

For additional guidance on approved collaboration tools, contact your regional privacy leader.

That’s right - we need to protect personal information!

This is how you can save the day!

Only collect personal information that is adequate, relevant and limited to your specified purpose of processing.

Do not collect or store personal information in a system or display personal information on screens or reports unless necessary and relevant for the business need.

If needed for the business objectives, restrict access to personal information only to those with a solid business case – less is better!

Personal information should only be retained as long as there is a legal or business requirement.

Dispose of hard copy and electronic personal information securely – for example, use a cross-cut shredder or confidential waste bins, permanently delete electronic files from your recycle bin, and return portable storage devices to your information security team for safe disposal.

Lastly, particular care should be taken in handling personal information as unauthorized disclosure can result in a serious breach of privacy laws in many jurisdictions.

If you discover potential unauthorized access to or disclosure of personal information, report it immediately to the appropriate contacts as defined by your Member Firm or, for full-time Deloitte Global professionals, contact DTTL Confidentiality and Privacy Incident Response at DTTLConfidentialityandPrivacyIncidentResponse@deloitte.com

Notify your immediate leader next.

Even a few hours’ delay can make a big difference in terms of compliance with legal and other obligations and protecting the Deloitte brand.

But the most important thing… is staying vigilant!

Spread the word within your team and work with leadership to determine the best methods for protecting personal information.

This way, we keep personal information safe… and protect and preserve the Deloitte brand and reputation.

Want to know what else you can do?

Reach out to your regional privacy leader for additional information and resources on privacy and data protection.

For Deloitte Global professionals, search for DTTL Privacy and Data Protection on Deloitte Unity for additional information and guidance on privacy and data protection.