Data protection

Swisscom attaches great im­por­tance to the legally compliant and re­spon­si­ble processing of personal data. In order to meet its own re­quire­ments, Swisscom increased the number of staff in the organisational unit re­spon­si­ble for compliance with data protection in the past financial year and im­ple­mented a large number of protective mea­sures. The re­spon­si­ble teams now have a tool with which they can periodically check their products or business processes for compliance with data protection. Swisscom significantly improved the transparency of data processing for new products. Several training sessions were conducted to increase employees’ awareness of data protection. In addition, new roles were created and trained in all divisions of Swisscom and the Group com­pa­nies in order to embed data protection in op­er­a­tions too. Finally, Swisscom started to implement the re­quire­ments of the new Swiss Data Protection Act early.

Swisscom works con­tin­u­ously to extend its data protection mea­sures. Data protection within Swisscom is controlled and mon­i­tored by a central data governance unit, which works closely with all the divisions and other staff units.

Despite efforts to con­tin­u­ously increase data protection, Swisscom had to communicate two incidents relevant to data protection in the year under review. Due to a faulty software component, some of the data of several hundred private users of the free version of “myCloud” was deleted. Swisscom subsequently took all steps to prevent such an incident from occurring in the future. Swisscom also discovered that 39 incorrect e-mail addresses were stored in one of its customer systems. E-mails from Swisscom to private cus­tomers for whom one of these e-mail addresses was stored were sent to a third-party e-mail account. Swisscom corrected the entries as soon as it became aware of the issue and adapted the customer system to rule out such incidents in future.