Confidentiality and data security
We are committed to maintaining the confidentiality and security of all personal information that we may collect, use and disclose in accordance with applicable laws and regulations. Confidentiality and data security are of the utmost importance to the Company and we have adopted strict policies to ensure the protection of personal information entrusted to us.
Commitment
We have formalized our commitment to protect the information we collect and generate in the policies governing the way we do business. In these policies, we have established specific guidelines regarding the collection, use and disclosure of personal information. We also have policies and procedures relating to the protection of confidential information from theft, loss, disclosure, unauthorized access or destruction, or any other misuse.
Our Code of Conduct and Professional Conduct and our Code of Conduct for Third Parties describe our general expectations regarding the processing of personal information by our staff and the third parties with whom we collaborate. These expectations are set out in our official policies regarding personal information collected from the public, employee personal information, cybersecurity and the retention of documents and records.
Our Privacy Policy sets out guidelines for the collection, use and disclosure of public personal information, including information from users of our websites and third party social networking sites, or information from subscribers to our email alert service.
We have also adopted an Employee Privacy Policy. This separate policy establishes guidelines for the Corporation's collection, use and disclosure of our employees' personal information in order to establish, maintain or terminate the employment relationship.
Our Technology and Intellectual Property Security Policy (the "Cybersecurity Policy") sets out the Corporation's expectations of all employees, consultants and subcontractors with respect to the proper use of technology and intellectual property of the Company as well as the protection of cybersecurity.
In addition, our Document and Record Keeping Policy allows us to keep, process and destroy our documents and records, including personal information, in an appropriate manner and in accordance with applicable laws.
Implementation
In accordance with applicable privacy laws, we collect the personal information that is necessary for our business, when we have obtained consent to do so, or as permitted or required by law. All officers and employees receive a copy of our various policies and procedures.
As part of our annual corporate policy training sessions, we educate our employees about the application of our policies and procedures, including those relating to data privacy and security. Training is delivered through a web platform, on which employees must complete the mandatory training module covering the Company's Code of Conduct and Professional Conduct and the main company policies. At the end of the module, in accordance with our annual certification requirements, our employees are required to confirm their compliance with our Code of Conduct and our most important corporate policies.
From time to time, our staff also receive training from industry experts on more specific aspects, such as cybersecurity, as new risks are identified or new systems are implemented.
We have implemented a comprehensive intelligence and cybersecurity program, compared our capabilities with industry best practices, and have implemented threat and vulnerability assessments as well as response capabilities. We continue to invest in security technologies to protect ourselves from, detect and counter cybersecurity threats. For example, we have adopted an Information Technology Security (IT) Incident Response Protocol, which is managed and implemented by both the Vice-President and Controller and the IT director. We also provide our employees and third-party service providers with guidelines for responding to security breaches that could threaten our data and technology. Power Corporation has not suffered any cybersecurity breaches to date.
It should be noted that as a holding company, we have no clients. Our group companies are responsible for implementing their own policies and procedures to protect the confidentiality of their customers' information. Our main subsidiaries, Great-West Lifeco and IGM Financial, as well as their operating companies, have established confidentiality policies which set out their requirements for the collection, use and disclosure of personal information, including:
- identify precisely why certain information is being collected;
- provide a means for individuals to choose whether or not to consent to the collection of data;
- provide individuals with a means to verify, correct and delete their data, if applicable;
- identify where third parties have access to the information, why it is used, and the controls in place to protect the information.
As part of our active participation approach, we are committed to promoting compliance by our subsidiaries with the applicable legislation on confidentiality and data security.
Responsibility
The proper use and protection of information is the responsibility of our entire organization and is based on the diligence of each member of our staff. The Vice President and General Counsel is responsible for overseeing data protection programs, as well as training and compliance with our policies and procedures. The Vice President and Controller is responsible for the administration of our Cybersecurity Policy. If necessary, both report their activities to the audit committee of the board of directors.
Mechanisms for reporting concerns
To report any concerns, submit any inquiries or submit any complaints regarding our privacy policies, our staff and the public should contact the office of the General Counsel.
Surveillance and monitoring
We are constantly monitoring and improving our IT defense systems and procedures to prevent, detect, resolve and manage threats to cybersecurity. We recognize that these threats continue to evolve. We also participate in industry-established forums and work with our peers to provide intelligence on threats and serious security threats to the financial services industry worldwide.
We carry out periodic audits of our information security systems in order to allow an adequate implementation of our policies and to ensure our compliance with constantly changing regulations, including the General Data Protection Regulation of the European Parliament and the Council of the European Union. We are making the necessary improvements to adapt to regulations.
Author-bio: Waqas Ahmad works with an expert team of web and mobile app developers at Cybexo Inc, a leading web development services company. He spends his time researching technologies and mobile apps. His work has been published on various distinguished blogs across the web.