COMMITMENT TO CUSTOMER
PRIVACY AND DATA PROTECTION
We are cognisant of the sensitivity of our customers’ information,
which includes their personal information and communications,
locations and their use of the Internet and digital applications.
As theworldbecomes increasinglydigitalised,withmobile technologies
a crucial communications enabler in our lives and businesses, data
privacy and security issues are becoming increasingly more complex.
Primary concerns centre on the complexity of advanced technologies,
threats from hackers and the potential for human error, all of which
can lead to the loss, deletion or misappropriation of information.
We intend to inspire digital trust and confidence in our customers
through robust data privacy and security policies, frameworks and
management, which will be based on our values of Uncompromising
Integrity and Exceptional Performance. Our aim is to enhance our
customer experience by ensuring the confidentiality of our customers’
personal and business communications by respecting their choice and
preferences, whilst keeping their information secure through various
controls.
To maintain the digital confidence of our customers we will be
implementing initiatives which will broadly cover a number of areas
within the Group. These include how we process and protect personal
data; maintain a cross-functional Privacy Team; detect and report
non-conformities; and create an organisational and employee culture
founded on a clear understanding of the importance of protecting
and respecting our customers’ information.
In 2015, we implemented the Axiata Regulatory Compliance
Framework as an integral part of our Corporate Governance
Framework which provides the Board of Directors oversight of
Axiata’s regulatory compliance performance. Its objective is to set
baseline expectations in all Operating Companies (OpCos) in relation
to Regulatory Compliance, placing Axiata and our OpCos in the best
position of compliance with regards to regulatory obligations. It also
assists the Group to manage exposure to unacceptable compliance
risks, and ensure compliance with regulatory authorities.
Within each of our OpCos, compliance with national laws and
regulations are a vital core of our OpCos’ Data and Privacy Policies. In
Malaysia, we have set our commitment to privacy and security at the
highest level, based on the Personal Data Protection Act (PDPA) 2010
and the information security standards ISO 27000.
Axiata Group’s implementation and execution of our Group wide data
privacy actions and measures will be based on three fundamental
pillars:
1.
Personal Data Security
To protect our customers from the threat of hackers and
potential human error, we will utilise a mix of IT system security
and periodic data security audits to secure the personal data of
our customers. We will also adopt a formal Data Retention Policy
to determine when data is to be deleted, once the data is no
longer required for its original purpose.
Where the data processing function is subcontracted to a
vendor or supplier for third party processing and/or cross border
transfers, we will explain our processes to our customers to
ensure they clearly understand our actions and intentions. For
third parties with access to Axiata systems or the personal data of
our customers, we will ensure that they are contractually bound
to maintain Axiata’s data security and privacy protocols, where
subcontractors will be expected to provide data security levels
which are on par with, if not higher than, Axiata’s standards.
2. Personal Data Privacy
To ensure that our customers are aware of how and why we
intend to process their personal data, we will provide all our
customers with choice and control over the use of their personal
data. In this regard, where data is required for purposes essential
to providing a service, for example processing billing payments
or for improvements in service quality, no permission will be
required from customers.
In creating new value through innovative services for today’s
digital-savvy consumer, we will do so by using techniques
to process data where it is not possible to identify specific
customers; and/or provide notice or ask for our customers’
consent if otherwise. This is essential for the purpose of meeting
legitimate business purposes to deliver, provision, maintain or
develop new innovative apps and services.
3. National Surveillance/Support for Law Enforcement
Mobile telecommunications information are playing an
increasingly important role in activities related to national
surveillance and support for law enforcement.
As a responsible Group, we will complywith local law enforcement
and national security requirements and will respond to requests
from authorities as stipulated in laws and regulations.
As Axiata embarks on its journey towards becoming a New Generation Telco, we remain
committed to respecting and protecting the data and privacy of our 275 million customers
throughout our regional footprint of nine countries across Asia.
axiata group berhad | annual report 2015
088
