At Xerox, we take the utmost care to prevent the unauthorized use or disclosure of information our customers, employees and vendors provide. Our Office of General Counsel works closely, and internationally, with data privacy experts in our Information Management, Information Technology, Ethics, Risk Management, Corporate Security, Human Resources and Product Development groups to develop, maintain and enforce robust privacy and information security policies and practices at Xerox.
Our success depends directly on the confidence our customers have in the capability, performance and security of our products and services. To ensure this, we have policies and controls in place to provide privacy protection for personally identifiable information maintained by Xerox. Our policies follow industry best practices, including the use of encryption technology and data loss protection software.
Additionally, we research and monitor the data-protection laws in the countries where we do business to ensure that we comply with applicable requirements. For example, we comply with the following international laws where applicable:
- Canadian Personal Information Protection and Electronic Documents Act
- European Union Directive 95/46/EC on the protection of personal data and upcoming General Data Protection Regulation
- Applicable U.S. federal and state privacy laws
Xerox policies are enforced through a combination of technical and manual safeguards on our systems and facilities, as well as through violations against employees. Annual training regarding ethics, privacy and security is required of all employees. Additional specialized privacy training is required for certain roles, and numerous privacy training programs are available for employees to take on their own initiative. An Ethics hotline (available publicly and intra-company) and an Incident Response hotline (available intra-company) are for reporting alleged violations for investigation by dedicated, cross-disciplinary teams.
Read more about Xerox privacy policies.