Security and privacy
for customers and employees
Millions of customers trust us with their personal data – from online activities and e-mail traffic to invoicing data. As a telecom provider, we therefore bear a great deal of responsibility. We protect all data traffic and customer information to the highest possible standard. The privacy and security of our customers and their data is the prime consideration in every choice we make.
TWICE AS SECURE
Under the initiative ‘Security First’, we believe that everything we do must first be secure for the sake of our customers, company and employees.
An example of our work is the protection we offer against phishing and other cybercrime. A large amount of cybercrime occurs using links in fake messages – what is often referred to as ‘phishing’. That is why we apply strict security at the gate. We block e-mails and text messages that do not meet specific security requirements as much as possible. However, if something still slips through the net, we isolate the infection from the rest of our network.
Moreover, we have now activated dual-factor authentication for all our customers. That applies to e-mail accounts and the My Ziggo and My Vodafone platforms. When logging in, users confirm their identity, for example, via a text message containing a security code or by using a Microsoft or Google authenticator. For us, it is always security over convenience.
EVERYONE PLAYING THEIR PART
We can only achieve our major ambitions – to apply the highest standard and to be the best in class – if everyone in our organisation plays their part. That was why in 2022, we established a structured security awareness programme linked to clear objectives and measurable results. We communicate with our colleagues on security matters across multiple channels; they even receive specific notifications based on their individual behaviour.
We’re also busy collaborating outside the walls of our company. We pool our expertise and experience with that of others and are continually involved in discussions with government bodies, the judicial authorities, and other parties within our sector and other sectors. The goal is to work together towards a cyber-resilient Netherlands.
PRIVACY CHAMPIONS
Our privacy specialists are constantly working to protect our customers’ data. Our in-house privacy champions assist them in this: employees with additional expertise and experience who keep a watchful eye on privacy issues. We also work together to make all colleagues privacy conscious. For example, all new employees undergo training in privacy and security as part of their onboarding at VodafoneZiggo.
At the same time, our employees can work safe in the knowledge that their own data is secure. For example, we do not use reports with visible individual data during internal data collection and organisational network analysis (ONA). Whether it is the footage collected by security cameras, the software in technicians’ vehicles to identify the shortest possible routes and reduce fuel consumption, or the internal surveys we use to measure diversity, we work hard to safeguard the privacy of our employees.
Everything that we do must be secure for the sake of our customers, our company and our employees.
CUSTOMERS IN THE DRIVING SEAT
Our customers retain control over their own data via a personal privacy dashboard. They can easily make a request there to receive an overview of their personal data have the right to request to delete (part of) their personal data.
Government and investigative authorities sometimes ask us to share customer data with them. Requests of that type are evaluated by a special team. We only comply with those requests if required to do so by law or in accordance with a court order.
BALANCING INTERESTS
Data fuels many of our innovations, which is why our experts test all new technology and solutions for privacy risks. In 2022, we carried out 255 privacy quick scans, which resulted in 200 initiatives being examined more closely by staff from the Privacy Office. If multiple interests are at play and need to be considered, the plans will then be assessed and documented by a multidisciplinary team. This process enables us to document why and under what conditions we carried out a particular processing of personal data.
SERVICE AND PRIVACY
We like to help customers efficiently with problems related to their home network via phone or web chat. This convenient service can have an impact on the privacy of customers. To stay safe, we communicate clearly with them about what we can and cannot see and ask for their permission where necessary.
Data breaches and reports
A data breach is when data ends up in the wrong place, such as in an e-mail sent to an incorrect recipient or a file containing customer data being made public. We should limit data breaches as much as possible. When data breaches do occur, however, we report them immediately. Breaches of certain size and nature are required to be reported to the Dutch Data Protection Authority. In 2022 we made 54 reports. The decline in reports over the past year is driven by applying better measures like two factor authentication on the digital customer portals, masking of bank numbers and a change in definition of large and severe breaches.
Blauw Research, a market research agency, recently informed us on a data breach by one of its suppliers. It is possible that our customer data is involved in this data breach. As a cautionary measure, VodafoneZiggo informed customers on 29 and 30 March 2023 about the data breach. We have notified the incident to the Dutch Data Protection Authority and continue to monitor the situation.