In 2017, the synergy in managing Personal Data and Logical Security was strengthened, with a view to sharing analyses on information security and personal data protection, conducted with a unified method and presented to the Risk Committee.
The main threats to information security that arose during 2017 were analysed in depth to identify the most appropriate prevention measures. Specifically, the analysis of the business impact of disastrous events that could affect IT services was updated, in order to revise and update the disaster recovery plan for information systems.
In compliance with the requirements set by recent European regulations on the protection of personal data and the security of critical infrastructures, we have drawn up specific procedures to assess the impact on the processing of personal data and to notify the relevant Authorities of IT security incidents.
In collaboration with Acantho, we have successfully tested a technological solution to control access to IT networks, for future adoption on all the IT networks of the Hera Group that are managed by Acantho.
As regards the observance and propagation of regulatory changes, requests for advice and specialized legal support were handled by preparing specific detailed regulatory studies and the documentation, including that for service contracts, needed to ensure regulatory compliance regarding data confidentiality within the Group’s processes.
The most significant activities for the Group’s processes include in-depth analyses on video surveillance for the risk of break-ins at the waste collection centres, on the privacy-related impacts of credit recovery, on apps for company smartphones and on apps for intelligent thermostats, as well as the verification of compliance with the departure from home to travel to a worksite project. The updating of the standard personal data privacy forms concerning information, consent and releases continued, as did the implementation of new regulations, including that for the collection of Quantity-based charging and the Environmental Services Charter.
A special focus was dedicated to customers, with prompt support to Hera Comm Srl in handling complaints, monitoring call centre activities in the online services review project, the introduction of electronic signatures, analysis of impacts for Hera Comm’s new telephone platform in collaboration with Acantho, and the definition of rules for operators of Hera Comm and of the companies to which it outsources services that involve contact with the public.
We initiated significant coordination work with the Group companies to implement management standards that are compliant with the new European Privacy Regulation (EU Reg. 2016/679), by implementing the standard Register of computerized processes, reviewing the personal data privacy forms and updating the privacy-related content of the tender specifications.