Every part of our business (including regions, business groups and central functions) was analyzed for risks related to corruption. To ensure full alignment, each operating unit’s compliance risk assessment report was reviewed, approved and documented by the Management Committee member responsible for that organization.
Alcatel-Lucent updated eight policy documents connected to Anti-Corruption, to align with the stricter policies and tool procedures introduced in 2014. Full deployment of the Gifts, Travel and Entertainment online tool, and related training occurred in early 2015.
Alcatel-Lucent remained committed to respecting individual privacy rights and expectations, and to protecting personal data against unauthorized access, use, retention or disclosure in 2015. We set up a comprehensive organizational structure in charge of privacy and data protection (P&DP) compliance that includes the following:
Š Chief Privacy Officer (CPO)
The CPO served as primary senior sponsor and leader responsible for ensuring Alcatel-Lucent had a consistent and effective P&DP strategy in line with the overall business strategy, as well as an associated P&DP compliance program.
Š P&DP Compliance Program Owner
The Compliance Program Owner’s primary responsibility was to establish and execute the P&DP Compliance Program (including chairing the P&DP Steering Committee).
Š P&DP Lead Counsel
This person ensured the various P&DP players had all necessary legal advice and support throughout the year. Š P&DP Steering Committee
Established in 2010, this committee’s role was to provide overall cross-functional oversight of the design and implementation of Alcatel-Lucent’s privacy program. It met several times during the year and was composed of the CPO, the Lead Counsel and other senior leaders from CTO, Corporate Security, Corporate Sustainability, Human Resources and IS/IT.
Š Data Privacy Team (DPT)
This multi-disciplinary team carried out daily operational tasks and activities in support of the various business units and their project teams assessing and mitigating P&DP risks. It also worked to ensure members of the Data Privacy Network (DPN), which represented Alcatel-Lucent affiliates, had the necessary information to conduct their own compliance assessments with local laws, and to implement necessary local actions such as submitting filings to data protection authorities or preparing needed communications to works councils and users.
As part of its annual activities, the P&DP Compliance Program last year:
Š conducted an assessment and developed a related enhancement plan;
Š developed policies, procedures and guidelines to meet regulatory and customer requirements;
Š designed and deployed training modules for specific audiences (e.g., HR, IS/IT, Sales, R&D) to complement the Code of Conduct;
Š made available various awareness and educational resources including FAQs and “what if?” scenarios, some of which were produced for specific occasions such as the annual international data privacy day; and
Š continuously monitored data privacy regulatory developments as well as changes in regulations pertaining to areas such as the Internet of Things, cloud and Big Data. Specific to 2015, the P&DP Compliance Program also:
Š conducted an internal review to identify how this corporate team could further support to Alcatel-Lucent entities in complying with applicable local data privacy laws;
Š analyzed data privacy-related requirements from a sample of customers’ Request for Information (RFI), Request for Proposal (RFP) and Request for Quotation (RFQ) documents to better understand customer expectations and prepare standardized responses on behalf of our pre-sales and sales teams; and
Š introduced the Alcatel-Lucent approach on P&DP to the Sustainability Advisory Panel during a session focused on Ethics & Compliance (a representative from Orange reciprocally presented how that company handles similar issues with end users and consumers).
As Alcatel-Lucent operates in a business-to-business model, its privacy activities continued to focus on its own employees. Nonetheless Alcatel-Lucent has a public Global Privacy and Data Protection Policy, which can be viewed at the bottom of every page of our website. This policy applies to all business activities of Alcatel-Lucent S.A., Alcatel- Lucent International and all of their subsidiaries, and to all Alcatel-Lucent websites that are operated by or on behalf of Alcatel-Lucent and/or link to the Global Privacy and Data Protection Policy. This policy does not apply to consumer activities as Alcatel-Lucent does not have direct business relations with consumers.
In April 2015, Nokia announced the intention to acquire Alcatel- Lucent to create a global leader in connectivity. Working sessions about Data Privacy compliance took place throughout the second half of the year between Nokia and Alcatel-Lucent as a specific sub-stream under the overall Legal & Compliance integration stream, for the two companies to understand the values, policies, governance model and other aspects in order to prepare a successful integration of Alcatel-Lucent into Nokia upon Closing of the Offer.
4.4.8 Telecoms Industry Dialogue on freedom of expression and privacy
The United Nations Guiding Principles on Business and HumanRights — the so-called “Ruggie Principles” that led to the establishment of the UN Protect, Respect and Remedy
Framework — were endorsed in June 2011. They clarify the responsibility of governments to protect human rights and the responsibility of the business community to respect human
rights in its global operations and ecosystems. In 2012, Alcatel- Lucent updated its Global Human Rights Policy to align with the UN Guiding Principles on Business and Human Rights, and designated the Chief Compliance Officer as the company’s representative on human rights at the executive level.
In 2013, as part of our internal processes, we developed human rights due diligence requirements for material commercial proposals and extended our human rights commitments to resellers. We also designed and deployed a multilingual employee training module to build awareness of human rights principles throughout the company. These measures were deployed in 2014 – 2015.
The Group continued to broaden its security geographic screening processes and compliance screening of third parties, and to engage in ongoing monitoring of its supply chain to assess key aspects of human rights.
Externally, we deepened our collaboration with the Telecommunications Industry Dialogue (ID) — a group of nine
global telecommunications operators and vendors that has been meeting since 2011 to discuss freedom of expression and privacy rights in the telecommunication sector. In 2013, ID members jointly launched the 10 Guiding Principles on Telecommunications and Freedom of Expression and Privacy of which Alcatel-Lucent’s implementation measures can be found in the table below. In 2015, Alcatel-Lucent chaired the ID from April to October, bringing greater visibility to vendor issues relating to freedom of expression and privacy such as encryption, and furthering collaboration with the Global Network Initiative (GNI) to create a united multi-stakeholder ICT approach to human rights. We also chaired the publication of ID’s Annual Report (available at http://www.telecomindustrydialogue.org/ wp-content/uploads/Telco-Industry-Dialogue-Annual-Report- 2015.pdf) and hosted a major stakeholder event in April 2015 presenting ID’s achievements and milestones to more than 30 organizations — from investors and multilateral bodies such as OECD and UNESCO to individual rating agencies and peers from the telecoms sector.