Consumer privacy and cyber security
Our approach to consumer privacy and cyber security
Vodafone has strict governance processes and controls in place to protect our customers’ personal data, respect their privacy and proactively manage the cyber security risks that face businesses today.
Our commitment to privacy and security is a vital part of our responsibility to our customers and is central to our Code of Conduct that everyone who works for us and on our behalf must follow.
A global approach to managing our customer’s privacy
Our privacy approach is governed by an unwavering respect for an individual’s right to privacy. From ownership and oversight by senior management to robust assurance, elements include:
Accountability
A member of the Group ExCo oversees Vodafone’s privacy programme. A global privacy officer, ultimately reporting to ExCo, manages the programme at Group level. At a local level, accountability for the implementation of the privacy programme sits with the local operating company. Each market has a local ExCo-level owner and a privacy officer tasked with implementing the programme locally, with a dotted line to the global privacy officer. Group and local operating companies each have a privacy steering committee that brings together privacy and security teams, and a senior person from each of the relevant business departments (e.g. commercial, technology, HR and finance). Detailed key performance indicators are reported regularly to senior management.
Engagement
We actively engage with stakeholders, including
civil society, academic institutions, industry and
government, to share our expertise and best
practices with others, to contribute to the
discussions that shape public policy and to learn
from others.
Assurance
Each Vodafone entity has numerous systems for
processing personal data, and all high-risk
processes are subject to regular testing. New
products, services and operations undergo
privacy by design and assurance processes to
ensure that possible privacy risks are identified
and mitigated. Detailed personal data processing
registers and data-retention practices are
maintained and updated continuously. Our
supplier compliance processes mean we only
appoint suppliers that meet our privacy
standards.
Human-centred decision making
Big data analytics use cases are subject to privacy
and ethics reviews to identify and mitigate
possible privacy or data ethics challenges. Data
scientists sign up to our Code of Ethics for
Analysts before they are given access to our
analytics platform. When we are required to
balance the right to privacy against other
obligations in support of a free and secure
society, we work to minimise privacy impacts.
Transparency
Our privacy notices provide straightforward, easy
to understand and relevant information to our
employees and customers. Our permission
management platforms enable our customers to
control how Vodafone uses their data. We also
publish extensive information about our
approach to managing governments requests for
access to customer data.
Protecting our employee and customer information.
Our Purpose is to enable connectivity in society and as a provider of critical national infrastructure, we recognise the importance of cyber and information security. No organisation, government or person will ever be fully immune to cyber-attacks, and the telecommunications industry is faced with a unique set of risks as we provide connectivity services and handle private communication data.