The EU has very stringent conditions on personal data. Organizations from non-EU countries have to adhere to certain directives that have been imposed to ensure protection of personal data. To ensure protection, the data protection act states that personal data shall not be transferred to a country outside the EU unless that country ensures an adequate level of protection for the rights and freedoms of personal data subject to processing. The Kraft company, although not originally from the EU, complies with these regulations on personal data by adhering to the rules governing the collection, processing, transmission, and storage of employment information (Wright, Bartlett, and Kakalik, 2007). It also signs a legal data transfer agreement with other EU member states. It informs the Information Commissioner when it is transferring personal data, and it ensures that it transfers data to countries that recognize the data act and transfers it securely, without threat of contravention. Nevertheless, the act requires organizations to ensure that the data they store is secure; to do this, they need to determine whether their security controls are appropriate.
Since most data is stored electronically, companies such as Kraft Corporation install firewalls on their systems, keep the data encrypted, update anti-virus software, install internet patches, and set strong passwords, among many other measures. To ensure the security and privacy of employee information, user access controls are processed through the Unified Personnel and Payroll System (UPPS), coupled with the incorporation of a Shared Service Center (SSC) to enhance the provision of customer and transactional services (Wright, Bartlett, and Kakalik, 2007). Additionally, the creation of the office of the Chief Information Security Officer (CISO) strengthened the role of developing, implementing, maintaining, and enhancing the level of all security-related issues (Wright, Bartlett, and Kakalik, 2007).
Examples of specific HR data that Kraft Foods considers sensitive include employee identification, contact information, employment duration, compensation and benefits, age, bank account numbers, health information, marital status, ethnicity, and criminal records, among others. The company operates according to legal compliance on integrity guided by the Code of Conduct. The Code of Conduct forms an essential part of the integrity and compliance program because it stipulates policies that cover the legal and ethical practices at Kraft Foods. It also ensures that focus is given to each employee executing his or her role in an ethical manner. As for ways of distributing information to employees, all employees are treated fairly and are offered a web-based self-service program that enables them to view their confidential information such as paychecks, credit accounts, and personal information.
The UPPS has the capability to combine 17 payroll, HR, and benefits systems into one system. This enables the harmonization of HR processes such as the management of employee performance, compensation, and management, as well as enabling cooperation among different divisions within the organization. The Unified Personnel and Payroll System (UPPS) has a web-based service that enables salaried employees to access financial information and other related financial data. Financial information is very sensitive, and hence enabling employees to track such information through password-enabled controls increases the privacy levels. The movement of North American HR transactions from UPPS to SAP HR would enable Kraft Foods Inc. to increase the levels of protection for human resource transactions in its North American subsidiaries. It would also enhance the implementation of specific restrictions that can be imposed on personal data and other principles governing the protection of data.
Wright, M., Bartlett, and Kakalik, J. (2007). Information Security: Contemporary Cases.