2012 privacy english
TRANSCRIPT
-
7/27/2019 2012 Privacy English
1/57
Our purpose
We enable people with life-altering conditions to lead better lives
Information Privacy and Security Awareness Training
Annual Update 2011-2012
-
Table of Contents
Annual Update
Why is this training important to you?
Second City Skit
Message from Angus Russell
Course Objectives
Framework of Shire's Global Privacy Program
Module 1: Global Privacy Laws
  Key Concepts
Module 2: Internal Privacy Principles
  Notice
  Choice
  Access
  Data Integrity
  Disclosure to Third Parties
  Security
  Accountability & Enforcement
  Privacy by Design
Module 3: Shire's External Privacy Statements
  Statement
  Notice
  Choice
  Access
  Data Integrity
  Disclosure to Third Parties
  Security
  Accountability & Enforcement
Module 4: Information Security
  Why Information Security is a Priority
  Shire's Corporate Information Security Policy
  What is Electronic Communication
  No Expectation of Privacy
  Associated Policies
Module 5: Defensive Intelligence Practices
  Information Security & You
  Personal & Confidential Information
  Where is Information at Risk?
  Best Practice
    Workspaces/Devices
    Handling Personal or Confidential Info
    Traveling & Working in Public
    Phone/Email
    Meeting Rooms & Offsites
    Conferences & Traveling
    Visitors & 3rd Parties
Reporting Privacy & Information Security Incidents
Who Should you Contact
To be as brave as the people we help
-
This training program update is designed to refresh your awareness of Shire's Global Privacy Program and steps you can take to maintain Shire's commitment to data privacy and security.
There are five sections to this training:
Global Privacy Laws
Shire's Privacy Principles
Shire's External Privacy Statements
Information Security
Defensive Intelligence Practices
Information Privacy & Security Awareness Training
Annual Update 2011-2012
This is a refresher course
that builds upon basic
training that began in 2009.
The basic training slide
deck is still available on
ORBIT (English language
only).
Go to Compliance & Risk
Management / Privacy
Compliance Program to
find the original slide deck.
-
Every day around the world Shire accesses, collects, stores, analyzes and shares personally identifiable information from multiple sources in order to conduct its business and enable people with life-altering conditions to lead better lives.
Protecting personally identifiable information and respecting privacy are fundamental parts of our commitment to patients, healthcare professionals, our employees, and the community.
Why is this training important to you?
Safeguarding Identity: Protecting your identity and
the identity of your co-workers, business partners,
and the patients we serve.
-
Shire employees at all levels have access to information that is confidential or proprietary to the organization.
We all share an obligation to protect that information. The loss or theft of Shire's confidential information is a risk to the company, and possibly to you, personally.
Why is this training important to Shire?
Safeguarding Shire information: Protecting Shire
information by keeping it confidential.
-
Second City Skit: Loose Lips
Click on the picture below to watch the video
http://shchmos02/shire/Documents/Compliance%20and%20Risk%20Management/Privacy/2012-Privacy%20docs/Loose%20Lips-High.wmv
-
The Importance of Information Privacy & Security
A message from Shire CEO Angus Russell
This training update is an
important part of Shire's global
compliance program and our
efforts to comply with laws and
regulations governing data privacy
and security.
It will help prepare you to
represent our team in the positive,
ethical manner that has come to
define who we are at Shire.
Thank you for participating.
-
Course Objectives
As a result of this training, you should be able to:
Understand the framework of Shire's Global Privacy
Program and some key concepts.
Understand that it is your responsibility to apply Shire's
Privacy and Security policies in all your business
interactions.
Locate resources for questions and concerns about
information privacy and security.
This training is mandatory on an annual basis for all Shire employees/contractors
who have a Shire e-mail account or have access to Shire systems/applications
-
The Framework of Shire's Global Privacy Program
Practices: Defensive Intelligence practices in our day-to-day operations help us maintain our commitment to privacy and data security.
Security: Shire's Corporate Information Security Policy provides guidance on protecting Shire's electronic information assets.
External Statements: Shire's external Privacy Statements (or Policies) that are viewed by the public on our websites communicate the minimum standards that Shire endeavors to maintain regarding the collection and use of personal information on that site.
Internal Principles: Shire's Internal Privacy Principles communicate the key principles guiding our internal data protection activities.
Global Privacy Laws: Global Privacy Laws are designed to protect the privacy and security of personal information used in commerce.
-
Module 1
Global Privacy Laws
-
Global Privacy Laws are designed to protect the privacy and security of
personal information used in commerce.
There are more than 100 countries
that have privacy and/or data
protection laws protecting Personal
Information* - over 150 laws in the
aggregate - and the number is
increasing.
* Note that the terms personal data, personal information, and personally identifiable information or PII may be used
throughout this training and are intended to mean Personal Information as defined in Shire's Privacy Principles. Personal
Information deemed sensitive may or may not be more specifically defined by law or regulation depending upon the
country. Some examples are provided in Shire's Privacy Principles.
-
Trans-border Data
Flows
International Data Transfer - One of the key privacy and data protection issues we
deal with at Shire is the need to transfer data in order to operate globally among our own affiliates or with third parties.
Certain countries do not allow international data transfer of Personal Information!
International Data Transfer means moving data from one country to another (trans-border) as
well as being able to access or view data in one country from another country.
The member states of the EU/EEA, Switzerland, and some other countries, prohibit international
data transfer of Personal Information to countries that don't have privacy laws similar to the
European standard. The USA is one such country.
Global Privacy Laws Key Concept
-
Global Privacy Laws Key Concept
International Data Transfer Not Permitted - Examples
Personal Data of residents of the EU/EEA countries, or Argentina, Australia, Switzerland, Canada, Colombia, Hong Kong, Indonesia, Malaysia, Philippines, Poland, Russia, Thailand
Load to corporate database in EEA, to be viewed/accessed by a person in the US or some other country where not permitted.
[Diagram: Trans-border Data Flows; labels: US-located server, US-located person, EU-located server]
-
Global Privacy Laws Key Concept
International Data Transfer - Compliant Options
There are mechanisms available to allow trans-border transfer of PII:
Consent of the Data Subject
International Data Transfer Agreements
Binding Corporate Rules
EU-US Safe Harbor Certification (also available Switzerland-US)
Other special exceptions may be available under laws or
regulations of particular jurisdictions.
Contact the Director of Privacy at
[email protected] or your local Legal Department
for more information.
-
Module 2
Shire's Privacy Principles
-
Shire's Internal Privacy Principles
The Privacy Principles are statements based on internationally recognized practices (1) relating to the treatment of Personal Information, and are in the spirit of Shire's commitment to conducting its business in an ethical and legally compliant manner.
The statements set the global minimum standard for safeguarding Personal Information within Shire.
Together, the Privacy Principles combined with the Employee Code of Ethics Policy and Corporate Information Security Policy express and support Shire's privacy commitment to patients, healthcare professionals and alliance partners, our employees and all other individuals with whom we have business interactions.
(1) E.g. OECD Standards; APEC Privacy Principles
-
Shire's Internal Privacy Principles
Shire's internal Privacy Principles are based on the following seven principles:
1 Notice
2 Choice
3 Access
4 Data Integrity
5 Disclosure to Third Parties
6 Security
7 Accountability & Enforcement
-
Shire's Internal Privacy Principles
1 Notice
We respect the privacy of Personal Information.
We offer privacy notices that explain how and why we handle Personal Information.
Where required by law and according to local requirements, we inform individuals when Personal Information is collected about them.
-
Shire's Internal Privacy Principles
2 Choice
Where appropriate, we respect individual choices regarding the collection, use and disclosure of Personal Information.
We only collect, use, disclose and retain Personal Information that is relevant and useful to effectively conduct/administer our business.
Where required by law, regulations, or guidelines, we obtain an individual's consent to process (use, maintain, transfer or otherwise handle) their Personal Information.
-
Shire's Internal Privacy Principles
3 Access
We strive to provide individuals the opportunity to access the Personal Information relating to them and, where applicable, to comply with requests to correct, amend, or rectify the Personal Information where incomplete, inaccurate or not compliant with the standards and procedures established at Shire.
-
Shire's Internal Privacy Principles
5 Disclosure to Third Parties
We limit the access to and disclosure of Personal Information
internally and with third parties.
Where we share Personal Information, such as permitting
access, transmission or publication with third parties
(either within or outside Shire) we do so only with a
reasonable assurance that the recipient will apply suitable
privacy and security protection to the Personal
Information. This may include contractual protections and
controls.
We strive to comply with legal restrictions and requirements that apply to the international transfer of Personal
Information.
-
Shire's Internal Privacy Principles
6 Security
We use appropriate information security safeguards and records
management to protect Personal Information.
Section 4 of this training highlights the
Corporate Information Security Policy.
-
Shire's Internal Privacy Principles
7 Accountability & Enforcement
We provide individuals with an opportunity to ask questions
and register complaints regarding our handling of their
Personal Information.
All employees, contractors, agents, temporary staff, suppliers
and affiliates are expected to comply with these Privacy
Principles. Any employee or contractor that violates these
principles may be subject to corrective and/or disciplinary
action, which may, in serious cases, result in dismissal or
removal from office.
-
Practical Application of the Privacy Principles
Privacy by Design
Consider data protection and privacy as you design or review a new process or application or make any changes to an existing process or application that involves Personal Information. This applies to both manual and electronic processes.
Ensure that data protection and privacy is a requirement in your RFP to a third party.
Work with the Director of the global Privacy Program and your local legal counsel to ensure that you are aware of data protection and privacy requirements in your locality and to address potential compliance issues that may arise from the process or application.
Contracts for services that involve processing PII require special language
about data protection and privacy in most jurisdictions.
-
Module 3
Shire's External Privacy Statements
-
Shire's External Privacy Statements
Shire uses e-Commerce in many ways including: product brand sites, sponsored
therapeutic area information sites, patient assistance/support sites, physician support sites, IST registries, Grant registries, and trial recruitment sites, to name a few.
Any type of e-Commerce site, or any site that registers visitors and collects their information in any
way must have a privacy statement.
An external Privacy Statement (also known as a Privacy Policy) is a document on a public-facing
website that tells visitors how the website will be using their Personal Information.
It protects the company and indicates to visitors what they are agreeing to by using the website.
The privacy statement should be prominently displayed and clearly disclose whether or not
information is collected, the types and means by which information is collected, i.e. cookies, the
way that information will be used, who will be granted access to that information, and most
importantly, what options the consumer can exercise in controlling that information.
Contact the Director of the global Privacy Program or your local legal counsel to obtain an
appropriate privacy statement/policy for a website.
-
Shire's External Privacy Principles
Similar to the Privacy Principles, Shire's external Privacy Statements follow seven principles:
1 Notice
2 Choice
3 Access
4 Data Integrity
5 Disclosure to Third Parties
6 Security
7 Accountability & Enforcement
-
Shire's External Privacy Principles
1 Notice
Our Statement is designed to tell visitors to the site
about our practices regarding collection, use, and
disclosure of information they may provide, either
actively or passively, via the site.
Our Statement may have special provisions about
collecting information from children, where
applicable.
-
Shire's External Privacy Principles
2 Choice
Our Statement tells the visitor they have a choice whether or not to agree to our policy for the use of the site and may be asked to Opt In or Opt Out of that consent.
-
Shire's External Privacy Principles
3 Access
Our Statement provides a means to contact Shire with any
questions, comments, or concerns about our information
practices or to request that information be corrected or
removed.
-
Shire's External Privacy Principles
4 Data Integrity
Our Statement says that we will keep personally identifiable information accurate, current, and complete, and we will take reasonable steps to update or correct the information in our possession based on what the visitor has submitted.
-
Shire's External Privacy Principles
5 Disclosure to Third Parties
Our Statement indicates that we may disclose personally
identifiable information to our affiliates or to third
parties in other countries who agree to treat it in
accordance with the policy, and we do so only for certain
purposes.
-
Shire's External Privacy Principles
6 Security
Our Statement says that we take reasonable steps to
protect personally identifiable information from loss,
misuse, unauthorized access, disclosure, alteration,
or destruction.
We will retain the information only as long as needed to
fulfill the purposes for which it was collected, or
until a user requests it to be deleted.
We will endeavor to notify the data owner in the event
of an incident or breach of personally identifiable
information.
-
Shire's External Privacy Principles
7 Accountability & Enforcement
Compliance with these principles is the
responsibility of every Shire employee.
-
Module 4
Information Security
-
Information Security
Why Information Security Is A Priority
The Value of Information
Shire holds sensitive information on patients, providers and employees, trade secrets, research and other information that gives a competitive edge. As more and more of this information is stored and processed electronically and transmitted across company networks or the internet, the risk of unauthorized access increases and we are presented with growing challenges of how best to protect it.
Protecting Information
Steps must be put in place to protect information. If left unprotected, information could fall into the wrong hands, where it can wreck lives, bring down businesses and even be used to commit harm. Ensuring that information is appropriately protected is both a business and legal requirement.
Information Breaches
When information is not adequately protected, it may be compromised; this is known as an information or security breach. The consequences of an information breach are potentially severe, and may entail significant financial penalties, expensive lawsuits, and loss of reputation and business that put our ability to serve our patients at risk.
-
Information Security
Shire's Corporate Information Security Policy
The Corporate Information Security Policy defines the minimum information protection requirements for Shire. Certain jurisdictions may have more stringent protection requirements that must be complied with.
In addition to general policy guidelines and roles and responsibilities, it provides specific policy statements for:
Access Protection
Network and Remote Access Security
Appropriate Use of Technology resources
Laptops, Desktops, and Mobile Devices
Licenses and Copyrights
Risk Assessment, Information, Classification, and Risk Acceptance
All employees, contractors, third parties, and anyone with access to Shire information systems are required to read, understand, acknowledge, and comply with the Corporate Information Security Policy.
-
Information Security
Shire's Corporate Information Security Policy
Everyone is responsible for the protection of the data in their possession
(electronic and paper) and must exercise due care against its theft, loss, or damage:
Use only authorized software and do not tamper with security
software on your device.
Establishing rogue wireless networks, utilizing unauthorized
remote access services or using unauthorized internet file
sharing/storage technologies are not allowed.
Avoid storing important files on your laptop's hard drive. Instead
use a company file share that is backed up and protected.
Do NOT leave your laptop or mobile device unattended.
All Shire assets (electronic files, documents, computers, phones,
iPads, etc.) must be returned upon termination of employment.
If you need help with using any devices, contact the Shire Help
Desk at Ext. 247247 or [email protected].
-
Information Security
What is Electronic Communication
For the purposes of the Corporate Information Security Policy, electronic
communication is a method of exchanging digital data across the Internet or
other networks.
This includes, but is not limited to, email, Instant Messaging, Shiral and other
forms of electronic Social Media.
Appropriate, professional behavior, as well as compliance with Shire Security
and Privacy policies is mandatory regardless of communication method or
data type.
-
Information Security
No Expectation of Privacy
Shire's Corporate Information Security Policy states that:
Employees should not have any expectation of privacy with respect to any
electronic communication that they have sent or received using Shire networks
or electronic communication services.
All communications from Shire provided services are considered property of Shire.
Network traffic, including Internet access will be controlled and monitored.
In all cases, the right to view and monitor electronic communication is subject to
local law and procedure.
The policy applies to all forms of electronic data and devices.
IMPORTANT NOTICE: NO EXPECTATION OF PRIVACY
-
Information Security
Associated Policies
Employees should make themselves aware of associated Shire Policies that address information handling and ethics:
Employee Code of Ethics Policy
Social Media Policy
Corporate Responsibility
HR Policies regarding standards of employee conduct:
Media, Legal and Government Inquiries
Policies regarding harassment and discrimination
Policies regarding personal information protection for employees
Record retention policies
Any employment or other agreement you may have signed which contains confidentiality provisions.
-
Module 5
Defensive Intelligence
Practices
-
See Shire's Keep it Confidential e-Guide on ORBIT for
more information and tips on safeguarding Shire
Information.
-
Shire's Information Security & You
The loss or theft of Shire information is a serious risk to the company and may be a risk to you personally.
Consider these points regarding your role in safeguarding information at Shire:
You have access to information that external groups or companies want:
Intelligence about products, the company, external partners, personal data.
You are legally responsible for protecting Shire information and must take
appropriate steps to minimize the risk of loss to third parties.
Good defensive intelligence is largely common sense.
Taking some simple steps can have a dramatic impact
-
Third parties will be interested in many different types of information; not all of it may be related to Shire brands:
Organisational structure
Business Development
Product strategy
Regulatory timelines
Clinical trial data
Salary information
Budget information
Pipeline information
New market entries
Launch timelines
P&R negotiations
Employment expansion plans
Site expansion plans
Offsite meeting plans
Financial performance data
Employee information
Employee benefit schemes
Corporate policies
All of these can be considered Personal and Confidential Information.
-
Where Is Information At Risk?
Meeting Rooms
Visitors
Telephone
Workplaces/Devices
Travel
Conferences
Transfer to Vendor
Joining / Leaving Shire
Hotels & Offsite Meetings
-
Best Practice: Keeping Your Workspaces/Devices Secure
Make a habit of securing your workstation.
During the work day
Set your computer screen to auto lock after a defined period of inactivity.
Lock the screen (Ctrl+Alt+Del) when leaving workstations unattended.
Never leave laptops, PDAs, cell phones, flash drives, CDs unsecured.
At the end of the day
Log off all systems before leaving.
If you work in an open floor plan and have a laptop device, take it with you or log out, turn it off and lock it away in a cabinet.
If you work in an office, lock it.
-
Best Practice: Handling Personal or Confidential Information
Take these actions when handling confidential information
Retrieve It - When printing Personal or Confidential Information, retrieve it immediately; don't leave it lying around for others to access.
Keep It - Do not leave Personal or Confidential Information unattended on
desks, near copy machines, or in easily accessible public locations.
Secure It - Lock Personal or Confidential Information in file cabinets and desk
drawers during non-working hours or if office is to be shared.
Shred It - When finished with Personal or Confidential Information, immediately
shred it or place it in containers provided for that purpose, rather than simply
throwing it away.
Erase It - Erase/close/cover white boards when not actively in use.
-
Best Practice: Traveling & Working In Public
Talking in public
Don't discuss confidential business in public areas (e.g. airport lounges).
Discussions held in restaurants, airports, on trains and in other public places can be overheard and you never know who is listening.
Discussions held on public and cellular telephones can be overheard and can also be tapped or intercepted.
Working in public
Be aware of shoulder surfers.
Use privacy screens on laptops.
Don't leave materials/Shire devices lying around.
If you must leave a laptop in the car, make sure it is hidden away from sight in the boot.
Do not pack Shire devices in checked luggage!
-
Best Practice: Using Phone/Email
When using the phone/e-mail
Identify the person with whom you are communicating.
Don't answer questions unless you are sure of the purpose and identity of the caller/e-mailer. If you're unsure, offer to return the call at a better time.
Never give away employee names or contact information to unknown callers; take their details instead and pass these on to your colleague.
If an unknown caller says that another employee told them to contact you, check first with the other employee before continuing.
Always be skeptical of information requests, including e-mails asking you to
participate in surveys.
Direct all strange calls/e-mails or rude callers to your local security desk or
contact [email protected]. You can also forward e-mails to
Global Competitive Intelligence: [email protected].
-
Best Practice: Using Meeting Rooms On & Offsite
All Participants
Hold discussions in private areas; be aware of your surroundings.
Identify everyone attending the meeting.
Ensure room will be secured if materials are to be left unattended during breaks.
Do not leave materials or devices in a meeting room overnight even if the venue assures you it is OK.
Meeting planners/hosts
When booking, check the venue will not be hosting other competitor meetings at the same time.
Don't use Shire name/logo on meeting room signs or banners.
Take all materials with you; clear the room and erase boards.
Ensure any TC/VC is connected to the right meeting.
Leader of the meeting should provide a reminder to the group about defensive intelligence at the beginning of the meeting.
DI rules apply to the evenings as well! Consider privacy when making dinner reservations.
-
Best Practice: Attending Conferences & Travelling
Use discretion and these common sense practices when travelling or attending conferences:
Remember: observers can look over your shoulder; keep confidential information stowed during travel and if you must work in public, use a laptop privacy screen.
Never discuss Shire business in public venues such as elevators, hotels, trains, planes, airport lounges, exhibit halls or restaurants.
No discussion in a public place is private.
Remind attendees, including vendors/guests/presenters, of confidentiality obligations.
Don't assume everyone is a potential customer! Competitors will have competitive intelligence consultants on site at meetings trying to find information about Shire.
When approached, find out whom you are speaking with and ask for more specific information if the first response is vague or seems insincere.
Electronically transmit information; minimize hard copy distribution of schedules and other sensitive documents.
-
Reporting Privacy & Information Security Incidents
In the event of the loss, disappearance, or theft of Shire Corporate Information, including but not limited to Personal Information, or Information Assets or equipment in any form, you are required to follow this procedure:
Immediately report the incident to the Shire Global IS Service Desk (247247).
Immediately report the incident to your line manager/supervisor.
Working with the Shire Global IS Service Desk, immediately change all of your Shire passwords and access codes.
Complete the Equipment Loss, Damage or Theft Report (available on ORBIT) within 48 hours of discovery of the incident, and send it to the Information Security team via email at
-
Who Should You Contact With Questions?
For guidance about the appropriate classification and use of Personal Information you collect and handle:
Contact your local legal counsel or email the Privacy Director in Global Compliance & Risk Management at
For guidance about the appropriate use of Shire's technology resources:
Contact Shire Information Security at
To confidentially report a suspected data security
breach:
Contact the Global Compliance Helpline where available.
You can find the contact numbers on ORBIT.
-
Thank you for taking this Privacy Training!