Swisscom attaches great importance to the legally compliant and responsible processing of personal data. In order to meet its own requirements, Swisscom increased the number of staff in the organisational unit responsible for compliance with data protection in the past financial year and implemented a large number of protective measures. The responsible teams now have a tool with which they can periodically check their products or business processes for compliance with data protection. Swisscom significantly improved the transparency of data processing for new products. Several training sessions were conducted to increase employees’ awareness of data protection. In addition, new roles were created and trained in all divisions of Swisscom and the Group companies in order to embed data protection in operations too. Finally, Swisscom started to implement the requirements of the new Swiss Data Protection Act early.
Swisscom works continuously to extend its data protection measures. Data protection within Swisscom is controlled and monitored by a central data governance unit, which works closely with all the divisions and other staff units.
Despite efforts to continuously increase data protection, Swisscom had to communicate two incidents relevant to data protection in the year under review. Due to a faulty software component, some of the data of several hundred private users of the free version of “myCloud” was deleted. Swisscom subsequently took all steps to prevent such an incident from occurring in the future. Swisscom also discovered that 39 incorrect e-mail addresses were stored in one of its customer systems. E-mails from Swisscom to private customers for whom one of these e-mail addresses was stored were sent to a third-party e-mail account. Swisscom corrected the entries as soon as it became aware of the issue and adapted the customer system to rule out such incidents in future.See www.swisscom.ch/dataprotection