We understand the importance of personal data privacy and take every step necessary to protect them. To that end, we have established a
Personal Data Privacy Policy that sets out our standards for collection, use, sharing, and protection of personal data. Cyber security has also become a key concern of stakeholders.
Our Information Security Policy ensures the protection of confidentiality, integrity and availability of the Group’s information and technology assets.
Cyber security and critical data (financial, customer, and operation) protection, is included as one of the Group’s key risks. This includes unauthorised access to systems and data, which could lead to privacy breaches on personal information of customers, employees and others and would adversely affect the Group’s business. Such risk is regularly assessed through the risk management process.
The major risk exposure and implementation of risk-mitigating measures are regularly reported to and discussed by the Executive Risk Management Committee for monitoring purpose, while top risks and measures would be reported by Corporate Audit and Risk Management Department to the Board Audit and Risk Committee (on behalf of the Board) for review.
The key to successful protection of customer privacy is our employees. If our employees lack the necessary awareness, mishandle customer information or are unaware of cyber security risks, the potential for a customer information leakage incident can be high. To avert this possibility, we have undertaken various initiatives, such as organising seminars, sharing cyber security tips and conducting phishing simulations. We also host an annual Information Security Week to keep employees up-to-date on personal data protection matters as well as cyber security knowledge.
An example of mitigating the risks of data leakages and maintaining the trust of our customers is that, we make it possible to wipe the data contained in all mobile devices carried by our gas technicians and other frontline employees remotely, in case these devices are lost. We also have strict control over the data storage mechanism in our customer relationship management system in order to minimise the impact of possible hacking incidents.