2 minute read
Southwest’s Commitment to Privacy
By Data Privacy & Compliance Analyst Jennifer Bagnall and Data Privacy & Compliance Consultant Michael McCullough
Understanding privacy allows you to gain some control over how your data is used, shared, and sometimes sold. Many countries now have laws that protect the privacy of individuals, but privacy isn’t just about laws and regulations, it’s also about ethics and transparency. Nothing evolves faster than technology, and technology associated with the use of personal information is no exception. As technology becomes more sophisticated, so does the use of data. Because of this, it’s important for organizations like Southwest to take a proactive approach to privacy.
Advertisement
The Privacy Office at Southwest drives Southwest’s privacy operations to meet current and upcoming privacy laws, regulations, and leading practices. By engaging across the Company, we support any process or technology involving and handling personal information. The Privacy Office hosted Data Privacy Week (March 20-24), an international effort meant to raise awareness about respecting privacy, safeguarding data, and enabling trust. Learn more about Data Privacy Week and the Southwest Privacy Office by visiting the Privacy SWALife page.
At Southwest, we believe that protecting the privacy of our People and Customers aligns with our Company Values of integrity, honesty, and discipline. Here are some insights from Data Privacy & Compliance Analyst Jennifer Bagnall, who runs our Privacy by Design program.
1
The objective of the Triage Questionnaire is to identify the initial risk level associated with a new or updated business process or system. The business process owner may participate in a Data Protection Impact Assessment (DPIA) based on the initial risk level identified.
To manage privacy risk, Southwest Airlines needs to incorporate privacy principles and considerations about how we handle personal information (PI) into the core of our business processes, systems, services, products, and practices. This process is referred to as Privacy by Design (PbD). The purpose of PbD is to assist the Privacy Office and our internal Stakeholders in assessing and mitigating the risks associated of processing PI for a particular business process. The assessment contains two parts:
2
The DPIA analyzes whether the data processing activities of this business process pose a high risk to individuals while helping Southwest identify and minimize data protection risks. A DPIA doesn’t eliminate the risks altogether, but minimizes risks while assessing whether or not any remaining risks are justified.
How do I know when Privacy by Design should be initiated?
Business Process Owners (BPOs) implementing: with a new or changing process should work with their department Privacy Champion to start the PbD process. Privacy Champions are Cohearts embedded within departments tasked as advocates of the privacy program that serve as a bridge between your department and the Privacy Office. These Cohearts are trained on the PbD process and can guide BPOs in answering the questions in the PbD workbook.
Since the purpose of PbD is to call out and minimize data protection risks, it’s most effective when incorporated early in the conceptual design of a business process or system.
Are resources available?
Yes. Reinforcing our commitment to data privacy, the Privacy Office created a Privacy SWALife page at SWALife >Resources >Information Governance >Privacy. The landing page overviews our approach, resources, glossary of terms, and more. While there, reference the Privacy by Design SWALife page under Helpful Privacy and Compliance Links. This page includes:
Privacy by Design Guidelines—A list of initial privacy-related recommended action items to follow or implement as a part of change to confirm you adequately address privacy during the initial design and development phases of a new process or system.
Ultimately, working on PbD and becoming familiar with the guidelines evolves your knowledge on protecting the personal information of Customers and Cohearts and become better stewards of their data. For questions, email Privacy.Internal@wnco.com
Privacy by Design Workbook—An assessment containing the triage and DPIA.
Privacy Champion Roster—List of individuals within each department who serve as liaisons between your department and the Privacy Office.
