Data Privacy Day is recognized internationally on Jan. 28. Read why Workday has become a Data Privacy Day Champion, and how we embrace the principles of data privacy for our customers and employees in our daily actions.
We live our lives increasingly online, making what we share with others in the digital world ever more significant. To raise awareness of this, the internationally recognizedData Privacy Dayis held annually on Jan. 28 to create awareness about the importance of privacy and protecting personal information.
这一天是为了纪念1981年签署接轨n 108, the first legally binding international treaty addressing data protection, and highlights an issue that is of utmost importance to all of us in our daily lives.
在工作日,我们加入了other businesses and organizations in becoming a Data Privacy Day Champion, because the day’s themes of respecting privacy, safeguarding data, and enabling trust reflect our own priorities of protecting our customers’ data and our own employee data. While we are proud to be a Data Privacy Day Champion, we also know that privacy and data protection require year-round vigilance, and we remain strongly committed to protecting the personal data of our customers and employees.
Here’s how we embrace these principles in our daily actions.
Workday is deeply committed to protecting our customers’privacy. We provide our customers with an in-depth data protection commitment that sets forth our responsibilities and obligations as a data processor. In addition, we strongly support regulations that protect the cross-border transfer of personal data.
Specifically, Workday was one of the first companies to certify to the new EU-USPrivacy Shield. Very recently, the U.S. Department of Commerceannouncedthat a similar framework had been agreed upon with Switzerland for the transfer of Swiss personal data to the U.S.Workday will move quickly towards certification of the Swiss-U.S. Privacy Shield, which will be available on April 12, 2017.
In addition, we continue to actively monitor progress of theAPEC Privacy Recognition for Processors System, and intend to certify once it is available. This certification will allow companies that conduct business in APEC member countries to demonstrate that their privacy management practices for processing personal data are compliant with the APEC Cross-Border Privacy Rules Framework. We will continue to maintain our certification as a controller with the APEC Cross Border Privacy Rules System.
Workday has a single security model for all data, transactions, processing, and applications. All end users, administrators, and integrations use the same access mode, preventing situations where individuals access the data directly at the database level. This ensures that access and data changes are tracked and audited, lowering security risk.
Beyond technical controls, safeguarding data requires implementing extensive organizational controls. This month, the privacy team in our global offices conducted an internal awareness campaign, for teams ranging from product management through our support organization. This is part of our ongoing commitment to ensuring all employees safeguard customer data.
Workday customers take a trust-but-verify approach to gain assurance that Workday has the tools, technologies, processes, and controls in place to protect their data. To evidence these safeguards, Workday provides our customers with independent third party audit reports such asService Organization Control(SOC) 1 and SOC 2, as well as certifications toISO/IEC 27001,ISO/IEC 27018, andPCI-DSS. We are pleased to announce that our most recent SOC 2 report covers all of the availableAICPA Trust Services Principles: Privacy, security, confidentiality, availability, and processing integrity. The audit results described in Workday’s SOC reports demonstrate that we have strong controls in all five of these areas.
Workday customers receive notifications when reports are available through a secured site, which also includes information about the Workday Trust Program. The goal of the Workday Trust Program is to create an open and transparent trust framework with our customers. It provides an overarching approach that encompasses all of the Workday initiatives in place and investments made to protect customer data. Recently, we added a dedicated space for data privacy, making it easier for our customers to find information and resources about topics, such as theGeneral Data Protection Regulation, in one place.
At Workday we take the trust placed in us by our customers seriously. Data Privacy Day gives us the welcome opportunity to reflect on our continuous efforts to safeguard that trust.
More Reading
Craig Barattin, vice president of finance and controller at Healthfirst, shares what first drew him to Workday Rising, why he and his team keep returning, and what first-timers should know to make the most of their experience.
What are the human challenges developers typically face? Matt Weseloh, HR applications architect at Raytheon Technologies, shares his experiences with Workday development and the profound impact it has had on his career.
Anu Parthiban, senior manager of HR technology at Discover, discusses her personal journey to becoming a developer. She also shares her insights on building applications on Workday and the inspiration that drives her as a leader.