Consumer privacy and cyber security
Our approach to consumer privacy and cyber security
Vodafone has strict governance processes and controls in place to protect our customers’ personal data, respect their privacy and proactively manage the cyber security risks that face businesses today.
Our commitment to privacy and security is a vital part of our responsibility to our customers and is central to our Code of Conduct that everyone who works for us and on our behalf must follow.
A global approach to managing our customer’s privacy
Our privacy approach is governed by an unwavering respect for an individual’s right to privacy. From ownership and oversight by senior management to robust assurance, elements include:
Accountability
A member of the Group ExCo oversees Vodafone’s privacy programme. A global privacy officer, ultimately reporting to ExCo, manages the programme at Group level. At a local level, accountability for the implementation of the privacy programme sits with the local operating company. Each market has a local ExCo-level owner and a privacy officer tasked with implementing the programme locally, with a dotted line to the global privacy officer. Group and local operating companies each have a privacy steering committee that brings together privacy and security teams, and a senior person from each of the relevant business departments (e.g. commercial, technology, HR and finance). Detailed key performance indicators are reported regularly to senior management.
Engagement
We actively engage with stakeholders, including civil society, academic institutions, industry and government, to share our expertise and best practices with others, to contribute to the discussions that shape public policy and to learn from others.
Assurance
Each Vodafone entity has numerous systems for processing personal data, and all high-risk processes are subject to regular testing. New products, services and operations undergo privacy by design and assurance processes to ensure that possible privacy risks are identified and mitigated. Detailed personal data processing registers and data-retention practices are maintained and updated continuously. Our supplier compliance processes mean we only appoint suppliers that meet our privacy standards.
Human-centred decision making
Big data analytics use cases are subject to privacy and ethics reviews to identify and mitigate possible privacy or data ethics challenges. Data scientists sign up to our Code of Ethics for Analysts before they are given access to our analytics platform. When we are required to balance the right to privacy against other obligations in support of a free and secure society, we work to minimise privacy impacts.
Transparency
Our privacy notices provide straightforward, easy to understand and relevant information to our employees and customers. Our permission management platforms enable our customers to control how Vodafone uses their data. We also publish extensive information about our approach to managing governments requests for access to customer data.
Protecting our employee and customer information.
Our Purpose is to enable connectivity in society and as a provider of critical national infrastructure, we recognise the importance of cyber and information security. No organisation, government or person will ever be fully immune to cyber-attacks, and the telecommunications industry is faced with a unique set of risks as we provide connectivity services and handle private communication data.