What are the material issues the company has identified?

In its 2018 Sustainable Business Report Idea Cellular identified a range of material issues, such as network reliability and availability, customer experience and satisfaction, product stewardship, digital inclusion. Among these, promoting customer data security and privacy stands out as a key material issue for Idea Cellular.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Idea Cellular engages with:

Stakeholder Group	Method of engagement
Customers	·      Customer Satisfaction (CSAT) Survey ·      Net Promoter Survey ·      Spot surveys
Employees	·      Group & Team level Employee Satisfaction survey
Franchisees	·      FSAT & Mystery Shopping
Rating Agencies	·      Annual financial statement along-with other details as may be required for Annual Review
Shareholders & Investors	·      Annual General Meeting (AGM) ·      Investor meeting ·      Analyst meeting ·      Major Event update call ·      Earning call
Regulators and Government authorities	·      Various Compliances ·      Regular Meetings ·      Correspondence ·      Report Filings
Suppliers	·      Supplier Assessments ·      RFP ·      Vendor Surveys ·      Vendor performance evaluation feedback ·      Contract ·      Supplier training ·      Supplier rejection
Lenders	·      Annual financial statement along with Auditor’s Report ·      Quarterly Financial Statements ·      Network Rollout ·      Compliance Certificate
Media	·      Media Events ·      Media Interactions ·      Press Releases ·      Letters to Editors

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics Idea Cellular engaged with its stakeholders through a questionnaire (suppliers and vendors) and surveys (customers and employees).

What actions were taken by Idea Cellular to promote customer data security and privacy?

In its 2018 Sustainable Business Report Idea Cellular reports that it took the following actions for promoting customer data security and privacy:

• Carrying out privacy risk assessments
• Idea Cellular conducts periodic privacy risk assessments to identify potential areas of risks and mitigation. ISMS (information security management system) practices are implemented to address such risks and compliance verifications are performed, through regular internal and external audits. Additionally, changes to applicable privacy laws, regulations, and policies from across various geographies are monitored and assessed and data privacy specific training programmes are designed and imparted to employees of customer accounts on all applicable privacy regulations.

• Implementing the Data Privacy Framework
• Idea Cellular’s Data Privacy Framework consists of three major enterprise components: the people (customers, employees, third party vendors and suppliers), the business processes and the technology (enterprise platforms).
  • The enablers of data protection and privacy under the enterprise component of ‘people’ comprise of privacy policy and procedure, the privacy of organisation and the efforts of training and awareness about it.
  • The enablers under the enterprise component of ‘business processes’ include the Personally Identifiable Information (PII) elements inventory, the PII usage framework, the privacy impact assessment framework and the Process PII containers and privacy controls.
  • The enablers under the enterprise component of ‘technology’ are application privacy controls, Aadhaar data vault privacy controls and end user privacy controls.
• This Framework ensures a consistent approach to privacy across Idea Cellular and enables the company to have a robust privacy policy, improving privacy adherence levels. It also improves effectiveness in privacy incident management and helps Idea Cellular with improved contractual guidelines with vendors for privacy. 

• Applying the decoy deception tool
• Another privacy, cyber security tool deployed by Idea Cellular is the decoy deception tool, which creates virtual honeypots across the network mimicking real world systems. A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. This helps to detect any infected systems which are scanning the entire network for further infections and entice even the stealthiest hacker into revealing themselves and drawing them away from real assets. This new generation of distributed decoy technologies that employ deception as a way to misdirect intruders and disrupt their activities at multiple points along the attack chain help delay attackers and force them to spend more time and effort figuring out what is real and whether to proceed with an attack or not.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

 

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

• Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
• Business theme: Compliance with laws and regulations, Protection of privacy

 

78% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

7 GRI sustainability disclosures get you started

Any size business can start taking sustainability action

GRI, ISEP, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom  (venue: London School of Economics)

• Exclusive FBRH template to begin reporting from day one
• Identify your most important impacts on the Environment, Economy and People
• Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP. 
• Benchmarking methodology to set you on a path of continuous improvement

See upcoming training dates.

 

References:

1) This case study is based on published information by Idea Cellular, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:

http://database.globalreporting.org/

2) https://www.globalreporting.org/standards/gri-standards-download-center/

Note to Idea Cellular: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.