Being a responsible company means protecting customers’ and employees’ right to privacy.
We have consistent policies and practices to safeguard personal information about our customers and employees. Crown’s Binding Corporate Rules (BCR) on data privacy – which comply with international legislative requirements and recommendations – are mandatory privacy procedures for all our sites.
It helps keep personal information safe and ensure prompt reporting to management if there is any data breach. We are certified with the US Department of Commerce’s Safe Harbor Program which means handling of customer data according to the standards of EU countries. Most of our offices also ensure that individual customers sign a consent form prior to the processing of their personal data.
Because in some cases sensitive information is also handled by its service partners, Crown’s supply chain management system emphasizes compliance with data privacy policies through the qualifying and contractual stages of an engagement. This is led by Crown’s Chief Risk Officer and a Group Compliance Officer, appointed in 2014.
ISO 27001 is an externally audited information security standard that Crown has achieved and is extending to its businesses around the globe. At the end of 2015, 28 Crown sites have achieved this certification, up 26% from 2013. In 2016, the company targets successful certification at additional sites, including our Hong Kong headquarters.
Achieving this at headquarters will have a positive impact across the organization. We target 10% growth in site certifications in 2016.