Fast Company: As big as it is, Procter & Gamble is really just one company globally. How do protect and manage the privacy of your employees when every country has a different set of laws?
Sandy Hughes: We have a global privacy program, which has about 30 part-time members. The council oversees all of the privacy efforts for the entire company. Employee privacy is just one piece of the privacy we manage. We also focus on consumer marketing, consumer contact centers, and recruiting. To oversee all of this, the council has a leader for each type of privacy. They set the guidelines and the agenda. Then there is a regional person who implements -- for the countries within their region -- every type of privacy policy that we control. But the principles in our global privacy program are the same no matter whether you're talking about employees, consumers, recruiting, marketing or otherwise.
FC: Those 30 people oversee privacy guidelines for all 98,000 employees?
Hughes: Yes, and for consumers as well. This approach really lets us operate well throughout the company. In addition, we have a number of external resources like people in law and purchasing on the global privacy council. The person who is responsible for employee privacy -- they coordinate training and special procedures -- has a network of people around the world who are also responsible. Those people on the regional level are looking out for any special legislation changes or things that would make a difference to our global employee privacy program.
FC: How long has this system been in place?
Hughes: We've had employee privacy for about 25 years now. The global privacy council has been in place since the late 1990s.
FC: What's the difference between what you do and what a privacy officer might do in a smaller company?
Hughes: Our biggest challenge around the world is keeping track of all the differences between the countries -- and where changes pop up. The European Directive, which was developed in 1995, was just reviewed so it came from a European Commission point of view. The member countries have all interpreted it a little bit differently, so it's hard to get consistency. As a global company that wants to have one way of doing things globally, it's hard to keep track of that and try to work with various groups to get some consistent interpretation of legislation so we don't have to have different ways of doing things for various countries. The EU directive is what we tend to follow for our global policy, but Germany, Italy, and Portugal all have different interpretations on some of that.
FC: What about when employees move to a different country?
Hughes: It can get complicated. We look at the strictest privacy regulations anywhere in our 80 countries, and we adopt those as our basis for the globe. We take the strictest and say that it's going to be our policy across the board because we want to do what's right. It's part of our purpose, mission, and values to always do the right thing for our employees, our consumers, whomever.
FC: So if I work with P&G, even if my country's guidelines don't offer much protection, I'll be protected under the strictest laws out there?
Hughes: Yes, unless there's a reason you wouldn't want those privileges. If a particular country doesn't have legislation -- the U.S. doesn't have a lot -- we would ask you why our global privacy policy would hurt your business. If you can prove that it would hurt you, we'll give you an exception. Typically, though, that hasn't happened.
FC: Is that type of company-wide equality common among global companies?
Hughes: Well, we're seen as one of the more forward-thinking ones. It gets down to being a business-driven principle-based program, rather than legally based. We go the extra mile because it's the right thing to do -- to give employees choices, to have access to their data. Even though we're not required to do it in some countries, it's the right thing to do.
FC: When you say employees have access to their data, what do you mean?
Hughes: They can access records, salary, benefits -- as well as contact info, anything they've given us. They also have access to their performance reviews and what their ratings are. Any in-house information.
FC: How does P&G handle email and Internet monitoring?
Email
Digg
StumbleUpon
Facebook
Buzz Up!
LinkedIn
