Case study: BT’s policies and measures to make its customers feel secure while using its technology and confident that BT will respect and protect their personal information
Telecommunications companies are a major target for cyber-attacks because they build, control and operate critical infrastructure that is widely used to communicate and store large amounts of sensitive data. As the UK’s number one broadband provider, keeping its own and its customers’ data secure, as well as protecting its customers’ devices, is a truly vital issue for BT.
This case study is based on the 2014 Better Future Report by BT published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate that CSR/ sustainability reporting done responsibly is achieved by identifying a company’s most important impacts on the environment and stakeholders and by measuring, managing and changing.
Among a number of key material issues, keeping data secure and helping keep the internet safe, as well as respecting its customers’ privacy, is a matter of crucial significance for BT, as the UK’s number one broadband provider and for its stakeholders. After measuring and setting targets, BT took action to keep its network and customers’ devices secure, strengthen its ability to manage cyber-threats and raise data security standards. Also, in order to promote child safety online BT invested in filtering tools and developed new filtering services and programmes aimed at offering practical advice to both parents and children on online child safety. Last but not least, BT makes sure its employees understand the importance of its customers’ privacy through mandatory training, workshops and a consequence management system for violations of its privacy policies.
Subscribe for free and read the rest of this case study
Please subscribe to the SustainCase Newsletter to keep up to date with the latest sustainability news and gain access to over 100 case studies. These case studies demonstrate how companies are dealing responsibly with their most important impacts, building trust with their stakeholders (Identify > Measure > Manage > Change).
With this case study you will see:
- Which are the most important impacts (material issues) BT has identified;
- How BT proceeded with stakeholder engagement, and
- What actions were taken by BT to make its customers feel secure while using its technology and confident that BT will respect and protect their personal information
Already Subscribed? Type your email below and click submit
What are the material issues the company has identified?
In its 2014 Better Future Report BT has identified a range of material issues, such as climate change & energy, customer experience, pay & benefits, health and safety, fibre & Wi-Fi investment. Among these, online safety and privacy stands out as an issue of critical importance: in the digital age, staying one step ahead of potential cyber-attacks and using state-of-the-art technology to protect its own and its customers’ data, keeping customers’ devices secure, is key for any telecommunications company.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups BT engages with:
Stakeholder Group |
Customers |
Suppliers |
Investors |
Employees |
Government bodies |
Non-governmental organisations |
How stakeholder engagement was made to identify material issues
BT regularly talks to people with a stake in its business to explain its approach and to understand what they expect of BT and how well they think it is doing. This takes place during its daily dealings with different groups, through online discussion forums, phone conversations, meetings, focus groups, social media and regular dialogue with expert membership groups, such as Business in the Community (BITC) and Chatham House. In 2013 BT introduced innovative techniques to crowdsource opinion to help the company incorporate more stakeholder views and greater analysis into its Better Future programme.
In 2013/14, BT sought additional stakeholder views by identifying and analysing public content from blogs, social media and online news sites, as well as on TV and radio. This technique gives the company a better understanding of issues that are important across all stakeholder groups and of who is influential in relation to those issues. BT monitors how these issues affect its business and Better Future programme, feeding the insights into its business decisions and materiality process. This analysis supplements more traditional stakeholder engagement such as meetings and focus groups to give BT access to a much broader stakeholder perspective.
In July 2013, BT ran its first online Better Future Forum, bringing together almost 200 sustainability experts from 22 countries to discuss the potential for business to make a positive overall contribution to the environment. A panel of 15 experts moderated by GlobeScan shared their thoughts and participants globally responded with almost 800 comments. Driven by these insights BT worked with WWF-UK, Forum for the Future, The Climate Group and leading UK and multinational companies to launch the Net Positive Movement, a diverse group working together to promote the Net Positive approach and encourage other businesses to focus on having a positive impact on the environment.
What actions were taken to make BT’s customers feel secure using its technology and confident that BT will respect and protect their personal information?
In its Better Future Report 2014 the following targets were set by BT regarding the protection of its own and its customers’ data, based on the Group’s approach to materiality – on taking action on what matters, where it matters:
- Keeping BT’s network and customers’ devices secure
As well as protecting its own customers’ data, BT uses more than 70 years of experience to offer managed security services that help its enterprise customers protect their clients’ data. Its free advice and security software helps consumers to keep their devices secure from viruses – and their families safe while online. The company developed BT Protect, which helps prevent infection from all sorts of nasty viruses and spyware by warning a customer if he/she is about to visit a potentially harmful website whenever he/she is browsing online using his/her BT broadband connection. Behind the scenes, BT’s Security Operations Centres monitor its customers’ devices 24 hours a day, 365 days a year, to spot breaches and potential weaknesses and to keep its network secure.
- Combating cyber-threats
In 2013 BT launched a cyber-security operations centre to monitor all internal networks and cyber related incidents round the clock. The centre helped launch BT Sport safely and securely in August 2013 and provided enhanced network and systems monitoring during high-profile UK Premiership matches.
- Raising data security standards
BT collaborated with other internet service providers and UK Government to develop a set of Guiding Principles on Cyber Security, which were published in December 2013. As voluntary signatories, BT committed to help its customers understand online threats and to provide tools and advice on security software to help keep them safe while online.
- Promoting child safety online
Since 2010, BT has invested more than £5m in filtering tools and education to help children and young adults use the internet safely. In 2013 it launched a new filter, BT Parental Controls, which gives new customers the option to install network-based parental controls as standard. To help its Wi-Fi site partners stop pornographic and child abuse material being viewed on their premises, BT launched BT Wi-Fi Protect. This free filtering service is used by 50 of its Wi-Fi partners (representing 90% of its hotspot traffic) and all new partners receive this service as standard, unless they opt out. In 2013/14, BT launched The Right Click: Internet Safety Matters in partnership with UNICEF – a three-year programme providing practical advice about online child safety to up to 35,000 teachers, parents and children in the UK. Working in partnership with Sky, TalkTalk and Virgin Media, BT also created Internet Matters – an organisation that promotes child online safety to parents. The supporting campaign emphasises the message ‘Learn about it. Talk about it. Deal with it.’ In 2013 BT increased its annual funding to the Internet Watch Foundation (IWF), a hotline for reporting criminal child abuse content, from £40,000 to £75,000. To deter users from accessing child abuse material identified by IWF, BT also launched a new ‘splash page’ that makes clear why access has been denied, warns users that viewing indecent images of children is a criminal offence and provides the number of Stop it Now!, a confidential helpline for those with concerning or illegal internet use.
- Respecting BT customers privacy
BT ensures its employees understand the importance of privacy and their role in protecting its customers’ personal information. [tweetthis]All of BT’s 87,800 employees participate in mandatory privacy training[/tweetthis], and BT conducts awareness-raising workshops for employees across its operations who are directly involved in managing customers’ data. BT recognises that there is always room for improvement and has implemented a consequence management system for violations of its privacy policies to help employees learn from their mistakes.
Which GRI indicators/Standards have been addressed?
The GRI indicator addressed in this case is: G4-PR8: Total number of substantiated complaints regarding breaches of customer privacy and losses of customer data and the updated GRI Standard is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
References:
1) This case study was compiled using published information by BT which is located at the links below. For the sake of readability, we did not use brackets or ellipses but made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original please revert to the following links:
http://www.btplc.com/Purposefulbusiness/Safetyandsecurity/Privacyandsecurity/ (April 2016)
2) http://www.fbrh.co.uk/en/global-reporting-initiative-gri-g4-guidelines-download-page
3) https://g4.globalreporting.org/Pages/default.aspx
4) https://www.globalreporting.org/standards/gri-standards-download-center/
Note to BT: With each case study we send out an email to your listed address in request for a comment on this case study. If you have not received such an email please contact us.