Deloitte 2012 Global Report
Share
Share this article

Data privacy & security

Data privacy & security

Keeping data safe, secure, and private has never been more critical

Workforce mobility, cloud computing, and social media—as well as sophisticated cybercriminal tools—create abundant opportunities for data security breaches. The stakes in data security are rising as national privacy laws become more stringent and member firm clients seek stronger assurances that their data is safe.

During FY2012, DTTL's data security and privacy teams worked with the member firms on evaluating security and privacy programs for compliance with DTTL's policies and on strengthening these programs. DTTL has created an online course and launched an internal campaign to make practitioners aware of data security risks when using social media and other online tools. A global security awareness council was also established to reinforce understanding among Deloitte's people of their responsibilities to protect data.

In November 2011, the legal entity that employs most United States-based personnel working on behalf of DTTL recertified its adherence to the Safe Harbor Framework, which bridges differences between the United States and European Union privacy laws and helps safeguard permitted personal information sharing among Deloitte member firms and DTTL.

Read more

The clients and people of Deloitte member firms routinely entrust the firms with highly sensitive information that is needed to perform projects or provide employee services and benefits. To retain the trust of their stakeholders and comply with contracts and regulations, Deloitte member firms make every effort to prevent data security failures and limit harm from privacy breaches.

Even strong information security programs are subject to lapses: laptops, smartphones, and documents can be lost or stolen or let slip accidentally. And opportunities for such breaches are multiplying as workers and IT hardware become more mobile, increasing volumes of data are transmitted and remotely stored, and the use of social media accelerates.

DTTL and its member firms have moved rapidly to keep their privacy and security policies and practices up-to-date with global mandates and stakeholder expectations. DTTL's global policy on information security requires member firms to institute a wide range of security measures, covering areas such as virus protection, data backup and recovery, encryption, password authentication, access to systems, and network security.

Member firms must affirm on an annual basis that they comply with this policy. In addition, DTTL's information security specialists work with member firms to strengthen their information security regimes when necessary.

DTTL's comprehensive global privacy policy took effect in August 2011. This policy requires every member firm to put in place:

  • A privacy policy that defines principles to be followed in all data handling processes and systems and that meets the requirements of local laws, customs, and regulations
  • A designated privacy leader
  • A process for responding to privacy incidents
  • Regular privacy communications and training programs for member firm people
  • An annual self-assessment of compliance with the DTTL privacy policy

To help ensure a consistent and high standard of compliance throughout the global network, DTTL's privacy specialists have created a toolkit, sample policies, and an online training program to assist member firms in all jurisdictions establish these program elements.

The legal entity that employs most United States-based personnel working on behalf of DTTL, certified its adherence to the Safe Harbor Framework in November 2009 and has re-certified this adherence in 2010 and 2011, each time completing a comprehensive verification process. The Safe Harbor Framework between the U.S. Department of Commerce and the European Commission gives U.S. organizations a set of requirements for complying with the European Directive on Data Protection, which governs the transfer of personal information from the European Union (EU) to third countries such as the United States, among other issues. This framework is designed to bridge differences between the privacy protection approaches of the United States and the EU.

Back to top