Background 

As a leading global data-driven communication company, BT faces ever-evolving challenges navigating the complex network of data laws across 137 of the countries it operates in. Operating in diverse sectors that are integral to today’s world, such as telecom networks, critical infrastructure protection and technology innovation, the company’s 130,000-plus employees support millions of customers across the globe. To keep up with and get ahead in this complex environment, BT is undergoing the biggest transformation in its history. It realised it had to create a stronger data framework to protect itself and its customers amid global pandemic, significant cutbacks and competitiveness in recruiting privacy professionals. It also needed to combat the development of solo mindsets with competing objectives and behaviours across its many jurisdictions and business units.

Approach 

To address these challenges the company created a Data, Legal Compliance & Assurance (DLCA) team, with a core focus on creating a culture of accountable privacy and driving BT’s purpose: ‘we connect for good’. The team brings together data privacy and security lawyers along with governance, technology, security, project and risk management and behaviours and culture professionals.

The idea is for employees to see themselves as ‘data heroes’, both in terms of ‘data defenders’ both in terms of ‘data defenders’ who protect and secure data and speak up when they’ve made a mistake/spot a potential problem and ‘data agents’ who understand and use data competently, know the importance of clean data and drive value from that data for the business. The DCLA team also created a number of industry-leading tools and training for employees including a gamified training programme called Don’t Feed the ‘Ish’, where employees take on a hacker to learn about the risks of, and how to defend against, phishing, vishing, smishing and poor social media behaviours. Also the Personal Data Risk Radar were employees can check how risky their social media profiles are, learn why and what the fraudsters can do with their personal data and then how to make the changes on their social media to reduce their risks.

Outcome

The DLCA team’s efforts resulted in measurable data maturity progress. Its unique approach to engagement, education and communication, switching the narrative from ‘guard dog’ to ‘guide dog’, has made data and compliance personal and real for every BT colleague so each feels part of the data human firewall.

There has been an increased commitment to data compliance with more than 50,000 employees engaging with the DATA: PLAY YOUR PART campaign while the employee ‘ishing’ click rate has decreased substantially, and there has been an 80% vishing compliance improvement rate in retail stores. The icing on the data cake is that BT and regulator ICO are now working together to drive change across the telco industry, with the ICO acknowledging the DLCA team as an industry leader for data compliance.