Valuation and Protection of Personal Data

Reconciling the valuation and protection of personal data is essential in maintaining the relationship of trust Vivendi has with its customers. That is why this issue is part of Vivendi’s four CSR “core” issues and will be included into the CSR criteria integrated into the senior executives’ variable remuneration starting from 2015.

The Data and Content Protection Charter, adopted in 2008, defines Vivendi’s commitments as regards collecting and processing of clients’ personal data an protecting content. It is declined into each of the group’s businesses, which have therefore established rules for the collection and processing of administrative and financial data designed to guarantee the confidentiality of such information. 

 

Main focus of the area for action

  • Building a relationship of digital trust in a spirit of loyalty and transparency
    • Collect and process data with the consent of stakeholders
    • Ensure the clients’ right to information
    • Advise  and raise customers’ awareness
  • Maintain a vigilance on the digital environment
    • Raise employees’ awareness
    • Evaluate information systems
    • Demonstrate a demanding attitude toward suppliers and service providers

Useful Links

Some examples  of initiatives and best practices

Vivendi

  • To ensure thorough compliance with the group’s rules on data collecting and processing, Vivendi’s Legal and Finance Divisions have established processes and monitoring procedures.
  • Vivendi’s CSR webradio Vivoice regularly gives the floor to Vivendi’s stakeholders on the issue of protection of personal data. On the occasion of the ninth edition of the Council of Europe’s Data Protection Day, Isabelle Falque-Pierrotin, President of CNIL and of the G29 (the organization gathering all the European data protection authorities) gave an interview on Vivoice and recalled that personal data protection if a fundamental right (listen to the podcast of the interview). The same conclusion was reached during the special live program devoted to “Human rights at the digital age” which gave the floor to representatives of French State Council, of the International Federation of Human Rights Leagues and of UNICEF France.

Canal+ Group

  • Canal+ Group complies with the French Act on Information Technology, Data Files and Civil Liberties, which requires organizations engaged in the processing or handling of data files to guarantee the security of those files. Thus a dedicated team within the group’s legal department develops the personal data protection policy, monitors it, and manages relations with the CNIL (French National Commission on Freedom of Information). In its relations with third parties such as distributors and mobile operators that have access to subscribers’ personal data, Canal+ Africa includes contractual provisions requiring them to agree to the confidentiality of that data.
  • At Canal+ Group, employees involved with customer personal data protection are kept informed by Legal departments and the security pole. On the one hand, the group’s Legal departments ensure strict compliance with applicable regulations and provide internal training specifically to tackle the problems encountered by operational departments. On the other hand, the Information Systems department’s security pole ensures all employees are made aware of the importance of guaranteeing the confidentiality of client data and that good practice is adopted by publishing articles on employee Intranet. In the Polish subsidiary of Canal+ Group, each new employee tasked with processing personal data is given specific training on the Act on the Protection of Personal Data in force in Poland, among other things.

Universal Music Group

  • In its Code of Conduct distributed in all countries where the group operates, UMG points out the need to protect its customers’ personal data. In the United States, the group is in the process of revising all of its websites with the aim of obtaining “TRUSTe” certification, which attests to the implementation of best practices in the area of confidentiality and personal data protection. In the United Kingdom, UMG produced a document in 2014 called “Consumer Data Protection Policy Day-to-Day Guidelines” which outlines the best practices to apply on a daily basis to preserve the security of customer data.
  • UMG displays the obligatory legal notices on its websites regarding respect for privacy, explaining clearly to consumers the company’s policies concerning privacy and personal data protection. For young audiences, UMG requires consent by a parent or guardian when web users between the ages of 13 and 16 subscribe to its online music sites.
  • Employees concerned are regularly made aware of the issue.  For example, in the United States , UMG teams followed an on-line training course (Security Awareness Training), the contents of which included the protection of sensitive data and personal data. A training session on this issue also took place in the Netherlands in December 2014. In the United Kingdom, marketing and digital teams, who are particularly concerned with the processing of customer data, are made aware of the “Consumer Data Protection Policy Day- to- Day Guidelines”.