Hot off the press!
Your CPM Privacy & Compliance team is dedicated to continually improving our privacy and information security management, including by making regular updates to our suite of policies, procedures and other documents to ensure they are clear and relevant. Some of our recent updates include:
- A revised Information Security Incident Management Procedure, to reflect the requirement that all security incidents, including potential data breaches, be reported to CPMIncidents@cpm-int.com
- A new Clear Desk and Screen Policy, with tips for how you can help keep information secure both in the office and when working remotely (more on this in a separate article in this newsletter)
- An updated Workplace Privacy Notice, which describes how CPM Agencies process employee personal data
- An updated PCI Compliance Policy and Procedure for those working on PCI contact centre campaigns in CPM Spain or CPM Slovakia
The most current versions of Privacy & Compliance policies, procedures, notices and other documents are always available on the CPM Privacy & Compliance SharePoint site (be sure to check the market-specific folders for anything specific to your Agency). We are planning to translate a number of these to the primary languages spoken in each market – stay tuned for more news on that in the near future. As always, if you have any questions reach out to your local Privacy & Compliance Champion or email@example.com.
CPM Chatbot is being trained to provide Privacy & Compliance information
We know Privacy & Compliance requirements can seem complicated, and sometimes hard to remember. To help signpost you to helpful information, we've begun working with the IT team to “train” the Chatbot to answer common questions. In the coming weeks, the Chatbot will be able to:
- help you find the CPM and Omnicom Information Security and Privacy sites, where key policies, procedures and other documents are available;
- tell you how to safely and securely send confidential data to third parties using Secure Share; and
- remind you (1) how to report a security/data incident or breach, (2) what to do if you've received a suspicious email or (3) what to do if your laptop/phone/Yubikey is lost or stolen.
We'll be adding more Privacy & Compliance content to the Chatbot in the future.
Cybersecurity Awareness Month
October is Cybersecurity Awareness Month and Omnicom has planned a series of communications over the coming weeks about the most important things you can do to protect yourself. The Omnicom Cybersecurity Awareness Month 2023 SharePoint site has lots of great information including:
- More information on why Omnicom conducts phishing simulations
- Learn how to manage your privacy & security settings on popular platforms
- Tips on how to report non-work-related cybercrime
- Tips on how to stay safe on social media
- Recommendations for parents on how to keep children safe online
- A webinar on protecting your child from cyberbullying
- The OUCH! newsletter, a multilanguage resource on various topics in cybersecurity
Technology tip: Clean out your Downloads folder
How often do you clean out your Downloads folder? When you download something from a website or install software, it often creates a file or document, usually saved in your Downloads folder because of your browser's default setting. Many users rarely, if ever, check and clean out their Downloads folder, leading to high volumes of information being retained in the folder: a variety of zipped files, MS O365 documents, pictures, installers etc., which may contain a variety of types of data.
What are the benefits of regularly cleaning out your Downloads folder? Aside from the obvious benefits of removing duplicate or unnecessary data and saving disk space, regularly cleaning out your Downloads folder helps ensure that we are collectively in compliance with our records retention policies. All information retained by CPM, including Personal Data and non-personal data, is subject to the Omnicom Data Retention and Records Management Policy and should be stored in agreed and approved shared locations so that we can ensure the appropriate access controls and retention and deletion arrangements. Downloads folders are not approved locations for the storage of data.
What is the best practice to keep my Downloads folder clean? Move downloaded files immediately to either your personal or shared OneDrive or SharePoint site and ensure that no copy is maintained in your Downloads folder. Make it a habit to check your Downloads folder on a weekly basis to ensure that it is empty.
The hidden risks of neglecting clear desk and screen policies
In the modern workplace, data privacy has expanded beyond digital files and online security to include the physical workspace. A key component of safeguarding sensitive information is adherence to the CPM Clear Desk and Screen Policy. Neglecting this policy can pose significant privacy risks, potentially compromising sensitive data and exposing the organisation to security breaches.
This article is intended to explore the risks of failing to adhere to this policy and offer practical tips for maintaining proper information security.
The Privacy Risks
- Unwanted Exposure of Sensitive Data: Failing to clear your desk of sensitive documents, printouts, or handwritten notes can expose confidential information to prying eyes. This is especially problematic in open office environments where colleagues, visitors, or cleaning staff may have access.
- Whiteboard Residue: Whiteboards often contain strategic plans, meeting notes, or sensitive information. Failing to erase or clean whiteboards adequately can lead to unauthorized individuals gaining access to sensitive data or insights.
- Inadequate Document Disposal: Disposing of flip chart papers or printed documents improperly can result in confidential information ending up in public trash bins or recycling containers, increasing the risk of data leaks.
Tips for Proper Information Security:
- Follow the CPM Clear Desk and Screen Policy: Ensure that you read the Clear Desk and Screen Policy and make it a part of your working practice (both at home and in the office).
- Use Secure Storage Solutions: Keep sensitive documents in secure storage options, such as lockable filing cabinets or drawers, when not in use.
- Regular Desk Clearing: Clear your desk of sensitive information when stepping away from your desk and at the end of each day. This includes storing printed documents securely and wiping clean whiteboards.
- Proper Document Disposal: Only use the confidential waste bins for disposing of sensitive documents.
- Maintain Physical Access Controls: Do not lend your access badges or keycards to other employees.
- Screen Locking: Lock your computer screens when you step away from your desk.
- Encourage Others: Remind others when you see poor practice (e.g. someone leaves their desk with their laptop unlocked), and commend good behaviour to encourage colleagues' compliance with the Clear Desk and Screen Policy.
In today's data-driven world, maintaining proper physical information security is just as critical as digital safeguards. By adhering to the Clear Desk and Screen Policy and implementing the tips mentioned above, you can help us reduce the risk of data breaches and protect the privacy of sensitive information. A culture of privacy and security begins with each employee's commitment to safeguarding information, both in the digital realm and in the physical workspace.