Data protection

Swisscom attaches great im­por­tance to the legally compliant and re­spon­si­ble processing of personal data. For this reason, in the year under review Swisscom further expanded the mea­sures for the protection of personal data and introduced a framework to ensure data ethics.

Data protection within Swisscom is controlled and mon­i­tored by a central data governance unit, which works closely with all the relevant divisions and other staff units. In order to ensure adequate data governance, the re­spon­si­ble unit issued several directives and in­for­ma­tion sheets in the year under review. In addition, employees with a data governance role at Swisscom received in-depth job-specific training. Ap­pro­pri­ate learning content further developed and sharpened the awareness of the rest of the workforce with regard to data protection and confidentiality. What is more, Swisscom significantly expanded the testing of systems and ap­pli­ca­tions for their compliance with legal data protection and confidentiality re­quire­ments. It also made further progress with the de­vel­op­ment of technical tools to support data governance.

Swisscom began implementing the new Federal Act on Data Protection (FADP) in the year under review. The Federal Act on Data Protection (FADP) regulates the treatment of personal data. It had been under revision since 2016, and a revised version was adopted by Parliament in autumn 2020. It is not yet known when the new FADP will come into force. Swisscom is assuming that this will happen in 2022.

To ensure data ethics, a newly created, diversely composed Data Ethics Board has reviewed a variety of cases to ensure that they comply with Swisscom’s ethical principles. The framework for data ethics has proven itself and will be con­tin­ued.