Case study: How Idea Cellular promotes customer data security and privacy
Idea Cellular is the third largest mobile phone operator in India, with a pan-India network that spans over 400,000 towns and villages, helping connect its nearly 200 million subscribers. Protecting customer information is a key section of Idea Cellular’s privacy framework Tweet This! and underlines its stand on the protection of the personal information of its employees, customers and relevant stakeholders.
This case study is based on the 2018 Sustainable Business Report by Idea Cellular published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.
Abstract
Idea Cellular has established a company-wide privacy governance model that includes having policies, processes and checklists in place to ensure the continuing confidence of customers and stakeholders who entrust Idea Cellular with their personal information. In order to promote customer data security and privacy Idea Cellular took action to:
- carry out privacy risk assessments
- implement the Data Privacy Framework
- apply the decoy deception tool
Subscribe for free and read the rest of this case study
Please subscribe to the SustainCase Newsletter to keep up to date with the latest sustainability news and gain access to over 2000 case studies. These case studies demonstrate how companies are dealing responsibly with their most important impacts, building trust with their stakeholders (Identify > Measure > Manage > Change).
With this case study you will see:
- Which are the most important impacts (material issues) Idea Cellular has identified;
- How Idea Cellular proceeded with stakeholder engagement, and
- What actions were taken by Idea Cellular to promote sustainable water use
Already Subscribed? Type your email below and click submit
What are the material issues the company has identified?
In its 2018 Sustainable Business Report Idea Cellular identified a range of material issues, such as network reliability and availability, customer experience and satisfaction, product stewardship, digital inclusion. Among these, promoting customer data security and privacy stands out as a key material issue for Idea Cellular.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups Idea Cellular engages with:
| Stakeholder Group | Method of engagement |
| Customers
| · Customer Satisfaction (CSAT) Survey · Net Promoter Survey · Spot surveys |
| Employees | · Group & Team level Employee Satisfaction survey |
| Franchisees | · FSAT & Mystery Shopping |
| Rating Agencies
| · Annual financial statement along-with other details as may be required for Annual Review |
| Shareholders & Investors
| · Annual General Meeting (AGM) · Investor meeting · Analyst meeting · Major Event update call · Earning call |
| Regulators and Government authorities
| · Various Compliances · Regular Meetings · Correspondence · Report Filings |
| Suppliers
| · Supplier Assessments · RFP · Vendor Surveys · Vendor performance evaluation feedback · Contract · Supplier training · Supplier rejection |
| Lenders
| · Annual financial statement along with Auditor’s Report · Quarterly Financial Statements · Network Rollout · Compliance Certificate |
| Media
| · Media Events · Media Interactions · Press Releases · Letters to Editors |
How stakeholder engagement was made to identify material issues
To identify and prioritise material topics Idea Cellular engaged with its stakeholders through a questionnaire (suppliers and vendors) and surveys (customers and employees).
What actions were taken by Idea Cellular to promote customer data security and privacy?
In its 2018 Sustainable Business Report Idea Cellular reports that it took the following actions for promoting customer data security and privacy:
- Carrying out privacy risk assessments
- Idea Cellular conducts periodic privacy risk assessments to identify potential areas of risks and mitigation. ISMS (information security management system) practices are implemented to address such risks and compliance verifications are performed, through regular internal and external audits. Additionally, changes to applicable privacy laws, regulations, and policies from across various geographies are monitored and assessed and data privacy specific training programmes are designed and imparted to employees of customer accounts on all applicable privacy regulations.
- Implementing the Data Privacy Framework
- Idea Cellular’s Data Privacy Framework consists of three major enterprise components: the people (customers, employees, third party vendors and suppliers), the business processes and the technology (enterprise platforms).
- The enablers of data protection and privacy under the enterprise component of ‘people’ comprise of privacy policy and procedure, the privacy of organisation and the efforts of training and awareness about it.
- The enablers under the enterprise component of ‘business processes’ include the Personally Identifiable Information (PII) elements inventory, the PII usage framework, the privacy impact assessment framework and the Process PII containers and privacy controls.
- The enablers under the enterprise component of ‘technology’ are application privacy controls, Aadhaar data vault privacy controls and end user privacy controls.
- This Framework ensures a consistent approach to privacy across Idea Cellular and enables the company to have a robust privacy policy, improving privacy adherence levels. It also improves effectiveness in privacy incident management and helps Idea Cellular with improved contractual guidelines with vendors for privacy.
- Applying the decoy deception tool
- Another privacy, cyber security tool deployed by Idea Cellular is the decoy deception tool, which creates virtual honeypots across the network mimicking real world systems. A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. This helps to detect any infected systems which are scanning the entire network for further infections and entice even the stealthiest hacker into revealing themselves and drawing them away from real assets. This new generation of distributed decoy technologies that employ deception as a way to misdirect intruders and disrupt their activities at multiple points along the attack chain help delay attackers and force them to spend more time and effort figuring out what is real and whether to proceed with an attack or not.
Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?
The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:
- Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
- Business theme: Compliance with laws and regulations, Protection of privacy
78% of the world’s 250 largest companies report in accordance with the GRI Standards
SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.
Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.
7 GRI sustainability disclosures get you started
Any size business can start taking sustainability action
GRI, IEMA, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom (venue: London School of Economics)
- Exclusive FBRH template to begin reporting from day one
- Identify your most important impacts on the Environment, Economy and People
- Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP.
- Benchmarking methodology to set you on a path of continuous improvement
References:
1) This case study is based on published information by Idea Cellular, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:
http://database.globalreporting.org/
2) https://www.globalreporting.org/standards/gri-standards-download-center/
Note to Idea Cellular: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.