TTEC 2024 Impact and Sustainability Report
Data privacy and security
TTEC safeguards the data of our clients, their customers, and our employees with far-reaching policies and data-handling practices to protect their privacy and security. We continually update our policies to reflect the changing landscape where we have employees across the globe. In our daily operations, TTEC routinely collects personal information from job applicants, employees, customers, business partners, and website visitors. We’ve created plainspeak policies to explain how we gather, store, and use personal information. It’s important these privacy practices are easily understood, so we’ve made our data policies easy to find and comprehend. In 2024, we refreshed our Global Privacy Policy to incorporate new geographies where TTEC does business. We also updated existing privacy policies for the United States and globally.

Written in plain language, our Website Privacy Policy applies to all operations and covers:
The type of personal data we collect
The use of data collected from our website
The use of cookies
Sharing of data with third parties
Use of sensitive, personal data
Data security practices

TTEC’s website privacy policy informs visitors how to exercise their rights as data subjects by contacting privacy@ttec.com. Client customer data is processed in accordance with the privacy commitments of our clients and as agreed to in our contracts with clients. As of 2024, TTEC participates in the EU-U.S. Data Privacy Framework (DPF), the Swiss-U.S. DPF, and the U.K. DPF, which provide U.S. organizations with mechanisms for personal data transfers in compliance with EU, U.K., and Swiss laws. The Data Privacy Framework program, which is administered by the International Trade Administration within the U.S. Department of Commerce, enables eligible U.S.-based organizations to self-certify their compliance.

Cybersecurity

TTEC relies on an extensive set of data security tools and best practices to anticipate and mitigate potential cybersecurity threats. We focus on application, cloud, web security, and threat intelligence, which we leverage as part of an overarching data management framework called Project Trust. Our Project Trust for data is a collaborative effort that spans the entire organization, with leadership from security, legal, technology, people and culture, and operations, as well as oversight by the Security and Technology Committee of the Board of Directors and the global chief operations officer. TTEC has established a thorough process involving relevant stakeholders, such as TTEC’s Global Security Office (GSO), legal, and the Disclosure Committee, among others, to review, evaluate impact, and report any cybersecurity incidents that meet the materiality threshold established by the SEC rules through timely 8-K filings and necessary updates. In 2024, TTEC enhanced profiling of devices connecting to the TTEC environment from remote locations. With our migration to Microsoft Purview DLP, we have greater coverage of data protection to prevent unauthorized access. TTEC performs vulnerability scans to improve the response time in updating vulnerabilities.

Data security and privacy support

Our systems are monitored 24/7 for security integrity, data movement, and threat protections, including a 24/7 TTEC Security Office (TSO). Our team also oversees commercial and public sector compliance. TTEC has earned numerous compliance certifications that can be viewed through the “industry certifications” button.

Data privacy training

As part of TTEC’s mandatory annual compliance training, employees learn how to identify what constitutes personal and confidential information and how such data is to be handled so that individual data privacy rights are safeguarded.

Incident and breach management

TTEC has procedures in place for responding to an incident or breach, which are detailed in our Information Security Risk Management Policy. The procedure outlines TTEC’s approach to identifying, estimating, and prioritizing potential risks and vulnerabilities to the confidentiality, integrity, and availability of Protected Health Information (PHI) and Personally Identifiable Information (PII). It aims to support compliance with various standards, including HIPAA, HITRUST, PCI-DSS, SOX, SOC 1, SOC 2, ISO 27001, FISMA, and FedRAMP. Our protocol emphasizes proactive risk management through an integrated control system and periodic risk assessments. The policy details the methodology for conducting risk assessments, including the use of quantitative and qualitative approaches, and sets acceptable levels of risk. Continuous risk management practices are highlighted, with specific procedures for enterprise and information system risk assessments, evaluating risks after security incidents, and assessing risks prior to major operational changes. Our policy mandates regular review and updating of risk assessments and controls, with oversight by the Information Security Steering Committee and the Healthcare Compliance Committee. It also includes definitions of key terms and specifies the applicability and responsibilities for compliance, emphasizing that there are no exceptions to the policy.
“Our information security program is designed based on best practices to anticipate potential threats and to protect our assets, our people, and the data that our clients and their customers entrust to TTEC.” —John Everson, Chief Security Officer