Data Privacy & Cyber Security
The privacy and security of our customers, employees and other stakeholders is central to our reputation and the trust that we engender as an organisation.
Our Group-wide data privacy practices deliver a robust approach to securing information assets across the Group and are stringently overseen by the Board Risk and Compliance Committee, supported by the Risk and Compliance Department. Furthermore, Data Privacy Officers (DPO) have been appointed at each of our OpCos, supporting the uniform implementation of necessary practices while driving the enhancement of OpCo-level data privacy capabilities.
In ensuring continuous compliance at all levels, due diligence exercises of our vendors’ data-handling processes are regularly carried out. We also updated our Employee Code of Conduct and reviewed our Supplier Code of Conduct in 2021 to achieve full alignment with our expectations.
Now in Phase Two of our Privacy Programme, and completing the first year of execution of our cyber security Digital Trust & Resilience 2023 (DT&R 2023) programme, our improvements in cyber and privacy maturity ratings have reaffirmed our efforts in data privacy and cyber security. However, we will continue to execute, capacity-build and enhance awareness of this risk to our business, service reliability and safety for our customers.