A safe and protected environment for everyone

The number of internet users is only increasing every year. With some 4.7 billion users worldwide and a total data consumption of 6.3 billion GB per day, the role of telecommunications providers in protecting the environment is increasing all the time. Our customers must be able to use the internet and communicate safely and without anxiety and they must be able to rely on the fact that their data and personal details are 100% safe with us. At VodafoneZiggo, we do everything we can on a daily basis to guarantee the privacy of our customers and to protect them from fraud and abuse.

"VodafoneZiggo is at the heart of society. One of the consequences of that is that we are required to comply with a lot of legislation and regulations, ranging from the Telecom Act to municipal bylaws. There are many issues we need to take account of in that regard, such as privacy, cybercrime and big data. Consciousness-raising around these issues is growing: among the population, in politics and in the press. In order to play our part in shaping these developments, we maintain good relationships with government authorities and other bodies.” 

Barbara de Ridder - Jongerden
Executive Director External & Legal Affairs

Safeguarding our customers’ security

We regard it as our social responsibility to safeguard the online and digital security of our customers. Our task is to implement the right security measures to prevent our customers from falling victim to criminal activity or cybercrime and to identify in good time whenever that appears to be the case.

Continuing to comply with legislations and regulations

As a telecommunications provider, VodafoneZiggo has a legal obligation to lend assistance in connection with information requests from competent authorities (such as the police or the investigation services), as long as those requests are submitted in accordance with the applicable procedures. Requests of this type may involve customer information in the event that the customer concerned is suspected of criminal or terrorist activities. Only in cases of that type will we provide information, for example, to the police or the judicial authorities. This only takes place by means of prior assessment by VodafoneZiggo of the applicable procedures. Vodafone Group regularly publishes a report on law enforcement, which includes the approach per country.

For the protection of information, we adhere to international guidelines and local laws and regulations and we follow best practices in the sector. Since 2017, we have a certification for ISO 27001, the international standard for information security management systems. All employees, management and other parties involved are obliged to report shortcomings in or disruptions to security measures.

How we safeguard our customers’ security

Wherever networks and systems become ever more complex and more advanced, cybercriminals will always find new ways of committing fraud or misusing data. These can include spoofing (identity fraud), phishing (internet fraud) or smishing (a new type of phishing that makes use of text messages). At VodafoneZiggo, we are continually working – together with other parties in the sector and other parties in the market such as banks – to protect our customers from these types of threats. Responsibility for these types of activities lies with our security teams. Their role is to safeguard the security of our customer systems, our applications, our data centres and our IT infrastructure. Internal security experts advise our people upon creation of new products and services.

The Cyber Defence Operations departments oversee VodafoneZiggo's infrastructure and online activities. They do this seven days a week, 24 hours a day. Incidents are automatically monitored and reported to our Technical Security department. The security teams at VodafoneZiggo work with them to identify potential threats and work on solutions together. Tests and risk analyses are continually carried out in order to predict and detect risks.

Collaborating with our partners to create a safe society

We are not fighting the battle against cybercrime on our own. We pool our knowledge and experiences with those of other major players, by remaining in dialogue on a structural basis with government authorities, municipalities, judicial authorities and parties from the sector and other industries. The aim is to intensify collaboration between industries in the field of security so that we can work together towards a national approach to and registration of cybercrime. In this way, we are not only devoted to our customers, but also to a safe society as a whole. In 2020, we expanded a number of our collaborative ventures. VodafoneZiggo is a member of the COIN fraud covenant, an alliance within the telecommunications sector that focuses on combating and being able to detect fraud and abuse even quicker, as well as following up on this. We also played an active part in TechScam, an initiative focusing on combating Microsoft scamming and we are also a member of the Safe Email Coalition (Veilig Email Coalition), which brings the business sector and the government together in order to increase confidence in the security of email.

Preventing internal fraud

Not only are we on the alert to detect fraud from outside, but we are also focusing our attention on the risk of internal fraud. Within VodafoneZiggo, a team of five employees actively involved in preventing internal fraud, theft and misconduct. In the event that employees or suppliers commit any type of fraud, the terms of the VZ Investigations Policy state that a disciplinary measure can be imposed, in consultation with the departments concerned. In serious cases, we gather evidence against the persons in question so that we can take measures against them. If necessary, we inform the police and other relevant authorities.

Protecting our customers’ privacy

All of our customers’ data and information must be protected. In that regard, VodafoneZiggo bears a major social responsibility, which we take very seriously. Protecting our customers’ privacy forms a crucial part of our policy and plays an important part in the choices we make as an organisation.

Continuing to comply with legislations and regulations

As one of the largest players in the Dutch telecommunications market, we are of course subject to all kinds of legislation and regulations regarding privacy, and our privacy policy complies with the rules laid down in the General Data Protection Regulation (GDPR). For example, it is prohibited by law to access the content of calls, text messages or internet traffic. It goes without saying that we also adhere to that requirement. What we can do, however – with our customers’ permission – is to make targeted recommendations based on usage, interests and demographics. Needless to say, we do not share personal data with others without permission. We are, however, obliged by law to lend assistance if we receive information requests from government agencies.

For VodafoneZiggo, privacy goes further than complying with legislation and regulations. A special privacy team of four employees works day in, day out to safeguard and protect our customers’ data. Whenever colleagues intend to implement any new plans involving personal data, they must submit them to the privacy team and/or the Data Usage Board, which assesses the effect on privacy and under which conditions the processing can take place. In addition, we look beyond the boundaries of our own organisation and also examine, for example, possible risks in that regard with our new suppliers. We devote attention to creating awareness by providing our employees with training and guidelines. In our privacy statement, we inform our customers or staff of the way we handle personal data. In order to monitor the effectiveness of these activities, spot checks are carried out by our Privacy Officer, internal audits take place and we discuss possibilities for improvement in the event of data breaches.

Integrating privacy into new products and services

When developing new product and services, we always take privacy into account. New projects, systems and applications must first be tested to check for privacy risks so that measures can be taken if they are actually found to pose risks. This is compulsory in accordance with privacy legislation. The relevant checks are carried out using an online privacy management tool. In 2020, a few hundred new initiatives were tested to identify any privacy risks. Whenever teams think up new data applications, they have their idea tested by our Data Usage Board: a group of internal experts that meets every two weeks to determine under which conditions teams may develop those applications further. Key questions that must be tested are: can we do this, are we allowed to do this, should we be doing this?

Customers remain in control of their data

At VodafoneZiggo, our customers are the ones who determine which of their data is or isn’t recorded. Our customers have access to a what we call a privacy dashboard, a secure online environment in which they can see what information we record about them. By means of the dashboard, they can call up an overview of their personal data, change their contact details and give or withdraw permission to make use of their data. Last year, we expanded that overview for Ziggo customers, by including data about TV viewing behaviour and about profiles drawn up based on users’ surfing activity on the Ziggo website. Of course this only applies in the case of customers who have given permission for this. On average, we received more than one thousand requests from customers a month during the past year. In response to customers’ enquiries and additional requests, we regularly update and improve the privacy dashboard.

Handling data opportunities and challenges responsibly

The role of data within our organisation is growing explosively. With the help of data, we can tailor our services and products more effectively to our customers’ wishes and needs. It also enables us to organise our processes more efficiently and help our customers even better and quicker. For example, data helps us to predict when certain network equipment or peripherals may malfunction or when poor Wi-Fi coverage may occur and therefore enables us to take preventive measures quicker and prevent our customers from experiencing faults. At the same time, when accessing so much data, we must be extremely careful wherever it concerns the personal data of customer. We want to utilise the opportunities of data, while at the same time protecting the privacy of our customers and employees. We can achieve this by ensuring that as much data as possible is processed anonymously or that certain data is only used with express permission so that we can send out more relevant communication.

Handling complaints and incidents responsibly

The Dutch Data Protection Authority (Dutch DPA) will be informed of any irregularities or incidents if necessary. If the consequences of an incident are detrimental to the customer, we will inform them as rapidly as possible about how they can limit any negative consequences. Customers with complaints can contact our customer service or contact our Privacy Office directly. A customer is also entitled to submit a complaint to the Dutch DPA. The Dutch DPA will then take up the matter with our Data Protection Officer. Incidents that take place and complaints that we receive are discussed internally in order to determine what precisely has occurred. As part of those discussions, we will try to implement any corrective measures in order to prevent incidents and complaints of that type from occurring in the future.

 

Result 2020

Result 2019

The ability to exercise individual rights & freedoms (right of inspection, right to erasure and right to object) 

17,500 

N/A

Data Usage Requests (requests received from within our own organisation for permission to use data) 

120

100 

Privacy Quickscans 

298 

N/A

Data Protection Impact Assessments (DPIA) 

59 

60 

Privacy by Design assessments (PIAs) 

34 

40 

Supplier check on Privacy & Security 

67 

30 

% of employees who have taken part in privacy e- learning 

100% 

100%  

% of customer service employees who have taken part in e-learning on data breaches  

65% 

N/A

% of data breaches that we reported to the Dutch DPA (following investigation and a consideration of the type/scope) 

70% 

80% 

Working on social awareness about privacy and online security

We see it as our task to increase the level of knowledge within society on the subject of privacy and security and to inform people of the potential risks that exist online. In order to achieve that, we conduct internal and external campaigns to make people aware of the security risks that exist online or in the workplace.

Working to increase awareness among children and senior citizens

Vulnerable target groups, such as children and senior citizens, are generally more susceptible to fraud and online criminality. By offering our education programmes Online Masters (directed at children) and Welcome Online (intended for senior citizens), we aim to increase their awareness and skills regarding these themes. As part of the Online Masters programme, we teach children what privacy means and how they can use apps and the internet safely Security and privacy are important topics that form part of the Welcome Online programme as well. More information about our educational programmes can be found in the chapter on the subject of equal opportunities within society. We also take the vulnerability of these social groups into account in our policies and marketing activities. One of the ways we do this is by only entering into contracts with individuals over the age of 18 and by not directing any marketing messages at people below that age.

Working to improve internal awareness-raising by means of training courses

Internal awareness-raising is one way of ensuring that fraud and misuse are detected and rectified more promptly. During his/her onboarding programme, every new VodafoneZiggo employee is given training on the subject of bribery, fraud and unsafe behaviour. That training is subsequently repeated every year. During the course of the year, we also communicate with our people on topics relating to privacy and security, not only via the intranet and by means of management updates, but also by advising our employees in connection with data initiatives. In 2020, all employees followed an e-learning module on the subject of privacy. Customer service employees also followed a specific module about data leaks and how to prevent them and when requested, we also delivered tailor-made training to teams and departments. During that training, they learned about the privacy legislation and to what extent it affects their work. In order to ensure that privacy is a topic that is supported widely within the organisation, 50 Privacy Champions have since been appointed. These are employees who have received training to enable them to assist with privacy-related issues. In 2020, all Privacy Champions were offered the opportunity to extend their knowledge and to obtain IAPP accreditation by taking part in e-learning.

During the People, Planet, Progress festival in November 2020, a webinar on this topic was organised. In total, 128 colleagues took part in one of the sessions about privacy tips & tricks and about the big data paradox: privacy and/or personalisation.

 

Target 2021

Result 2020

Result 2019

% of new employees who have completed training module about the Code of Conduct concerning safety and security  

N/A

100%

N/A

% of employees who have completed privacy e-learning  

100%

100%

16%

# of employees who have taken part in privacy sessions as part of the PPP festival 

N/A

128

N/A