22 / 60
4
Societal indicators
Vivendi’s Four “Core” Issues relating to Human Rights
Canal+ Group complies with the French Act on Information Technology,
Data Files and Civil Liberties, which requires organizations engaged in
the processing or handling of data files to guarantee the security of those
files. Thus a dedicated team within the group’s legal department develops
the personal data protection policy, monitors it, and manages relations
with the CNIL (French National Commission on Freedom of Information).
p
p
In its relations with third parties such as distributors and mobile
operators that have access to subscribers’ personal data, Canal+
Africa includes contractual provisions requiring them to agree to the
confidentiality of that data.
In its Code of Conduct distributed in all countries where the group
operates, UMG points out the need to protect its customers’ personal
data. In the United States, the group is in the process of revising all of its
websites with the aim of obtaining “TRUSTe” certification, which attests
to the implementation of best practices in the area of confidentiality
and personal data protection. In the United Kingdom, UMG produced a
document in 2014 called “Consumer Data Protection Policy Day-to-Day
Guidelines” which outlines the best practices to apply on a daily basis to
preserve the security of customer data.
GVT reiterates the duty of confidentiality regarding data bases and
customer lists in its Code of Ethics and Conduct. This information may be
communicated to third parties only after obtaining authorization and the
signing of a confidentiality agreement. The group has set up a strong data
protection system, and every year it trains its employees in best practices
for safeguarding sensitive information.
Actions for raising the awareness of users, particularly
young audiences, regarding personal data and information
concerning private life online
GRI
UNGC OECD Scope covered
G4-DMA PR
Customer privacy
aspect, DMA HR
MSS
1, 2
IV,
VIII.6
Canal+ Group
UMG (9 focus group countries)
GVT
By having clear and precise general terms of use, Canal+ Group makes its
best efforts to ensure that its subscribers have all the information they
need for handling their personal data. Moreover, the group has developed
a dedicated space for children on its video-on-demand service Canalplay,
featuring suitable programs with simplified browsing, all within a secure
space. The parents configure access to the programs based on their
children’s age, and exiting Kids mode is secured by authentication with
a password.
UMG displays the obligatory legal notices on its websites regarding
respect for privacy, explaining clearly to consumers the company’s
policies concerning privacy and personal data protection (e.g.,
www. umusic.co.uk/privacy.html). For young audiences, UMG requires consent
by a parent or guardian when web users between the ages of 13 and 16
subscribe to its online music sites.
GVT has reinforced its initiatives to raise the awareness of responsible
Internet use through advice and information specifically intended for
educators who have direct and close contact with young people. Along
these same lines, GTV publishes an annual comic strip that is written
in language easily understood by children, illustrating the questions of
security and responsibility that arise through Internet use and, more
widely, through the use of new technologies. Once again in 2014, GVT
supported the Safer Internet Day and implemented actions to raise
awareness of the issue in São Paolo, Curitiba and Salvador, reaching
over 880 people. Throughout the year, GVT has supported more than 140
similar events through its partnership with the NGO SaferNet.
Employees trained in processes for protecting
and securing personal data
GRI
UNGC
OECD
Scope covered
G4-DMA PR
Customer privacy
aspect, DMA HR
MSS
1, 2
IV, VIII.6
Canal+ Group
UMG (9 focus group
countries)
GVT
At Canal+ Group, employees involved with customer personal data
protection are kept informed by Legal departments and the security pole.
On the one hand, the group’s Legal departments ensure strict compliance
with applicable regulations and provide internal training specifically to
tackle the problems encountered by operational departments. On the
other hand, the Information Systems department’s security pole ensures
all employees are made aware of the importance of guaranteeing
the confidentiality of client data and that good practice is adopted by
publishing articles on employee Intranet. In the Polish subsidiary of
Canal+ Group, each new employee tasked with processing personal data
is given specific training on the Act on the Protection of Personal Data in
force in Poland, among other things.
In the United States, UMG teams followed an on-line training course
(Security Awareness Training), the contents of which included the
protection of sensitive data and personal data. A training session on this
issue also took place in the Netherlands in December 2014. In the United
Kingdom, marketing and digital teams, who are particularly concerned
with the processing of customer data, are made aware of the “Consumer
Data Protection Policy Day-to-Day Guidelines” (see opposite). In France,
UMG reminds staff of the provisions of the Data and Content Protection
Charter once a year via an internal communication.
GVT regularly informs its employees of good safety practice relating to
sensitive information (see opposite), and in 2014, focused its employees’
attention on the following subjects: data security mechanisms, the
correct use of electronic equipment and the protection of privacy on
social networks, among others. In addition, all employees are made
aware of the data security policy via the group Intranet, and they must
adhere to it electronically.
Existence of a DOP (data protection officer)
or a designated person to manage the risks
related to personal data
GRI
UNGC
OECD
Scope covered
G4-DMA PR
Customer privacy
aspect, DMA HR
MSS
1, 2
IV, VIII.6
Canal+ Group
UMG (9 focus group
countries)
GVT
Canal+ Group and UMG have an entity that deals with matters relating
to the collection, processing and storage of customers’ personal data.
22
Non-Financial Indicators Handbook 2014