Standard #9: Confidentiality and Information Security

General Statement:

• Group companies and employees must protect and maintain the confidentiality of all commercially sensitive information, trade secrets and other confidential information relating to the Group and its business.

Elaboration of Standard:d Financial Integrity

• No employee shall disclose any confidential information relating to any Group company or its business outside the Group without specific authority from higher management to do so.
  

• Where confidential information is to be disclosed to another party, it should be released only:
  

• to agents or representatives of a Group company who owe a duty of confidentiality to that company and require such information to carry out work on its behalf; or
• under the terms of a written confidentiality agreement or undertaking entered into with the other party.
  

• If confidential information is to be transmitted electronically, then technical and procedural standards should be agreed with the other party.
  

• Where confidential information is required to be disclosed under the terms of an order of any competent judicial, governmental, regulatory or supervisory body, employees should notify their local Legal Counsel and release such information only with Legal Counsel’s approval.
  

• Access to confidential information relating to any Group company or its business should only be provided to those employees who require it for the exercise of their functions within the Group.
  

• No employee may retain on his personal premises any confidential information relating to any Group company or its business without making adequate arrangements to protect the security of such information.
  

• No employee shall use confidential information relating to any Group company or its business for his own pecuniary advantage or for that of a friend or relative (see ‘Conflicts of Interest’).
  

• Group companies and employees must ensure that they comply at all times with all applicable data protection laws.
  

• Access to personal data should be limited to employees who have appropriate authorization and a clear business need for that data.
  

• Group companies and employees must not solicit or willfully obtain from any person confidential information belonging to another party.
  

• Confidential information is any information or knowledge, the disclosure of which outside the Group might be prejudicial to the interests of any Group company. Examples include (but are not limited to):
  

• sales, marketing and other corporate databases;
• pricing and marketing strategies and plans;
• confidential product information and trade secrets;
• research and technical data;
• new product development material;
• business ideas, processes, proposals or strategies;
• unpublished financial data and results;
• company plans;
• personnel data and matters affecting the morale of employees; and
• software purchased or developed by any Group company.
  

• You should be especially mindful of the risk of unintentional disclosure of confidential information through discussions or use of documents in public places.

	Our Standards in Practice
	1. Whistleblowing 2. Conflicts of Interest 3. Bribery and Corruption 4. Entertainment and Gifts 5. Political Contribution 6. Charitable Contributions 7. Accurate Accounting and     Record-Keeping 8. Protection of Corporate Assets 9. Confidentiality and      Information Security 10. Money-Laundering and       Anti-Terrorism
	Business Principles