Priorities

Customers

Privacy and information security

Our customers, team members and investors expect us to demonstrate that we collect data appropriately, use it for purposes that advance their interests, and keep it secure. Our approach to data governance encompasses the protection and appropriate use of data across its life cycle, and we incorporate data governance proactively as a core consideration in all our business initiatives and technology decisions.

The BCE Board adopted an enhanced data governance policy in 2020, bringing together multiple existing policies and programs in the interrelated areas of privacy, information security, data access management and records management. In 2021, we implemented mandatory data governance training for all employees.

Privacy

WHY IT MATTERStagGRI 103

Customers are becoming increasingly aware of the importance of protecting their personal information as well as privacy considerations regarding their use of wireless, Internet, and media services. This has attracted the attention of lawmakers and regulators, and changes to privacy laws have been proposed in a number of Canadian jurisdictions. There has also been increased regulatory scrutiny of the use, collection, and disclosure of personal information in Canada. Our continued focus in this area aligns with our strategic imperative to champion the customer experience.

WHAT WE ARE DOING

We value the trust that our customers place in us when sharing their personal information. We make every effort to be transparent about our privacy practices and are committed to being accountable for how we collect, use and disclose personal information. Our privacy policy sets out what information we collect, how and why we collect and use it, and how and when we may request informed consent from our customers, how customers can access their personal information and how they can contact us if they have questions or concerns.

At Bell, we value the trust you place in us when sharing your personal information. Bell will not disclose a customer’s confidential information to government agencies unless it is required or permitted by law (such as when it is necessary to investigate the contravention of a law or to prevent fraud and secure our networks), or in the case of an emergency where there is an imminent danger to life or property. This is our commitment to you:

  1. We commit to being accountable to you for how we collect, use and disclose your personal information.
  2. We will inform you of the ways your personal information is being collected, used or disclosed. We may do this through our Privacy Policy, our Terms of Use or our websites.
  3. We only collect, use or disclose your personal information if we have your consent, or in circumstances where your consent is not necessary (such as an emergency situation).
  4. We only collect your personal information in fair and legal ways. We limit our collection of your personal information to the purposes identified in advance to you.
  5. We use or disclose your personal information for the reasons it is collected, when it is otherwise allowed, or as required by law. We keep the information only as long as we need to, or as required by law.
  6. We correct your personal information when you inform us of mistakes or let us know that updates are required.
  7. We do our best to keep your personal information safe, and ensure we use physical, technical and administrative safeguards appropriate to the sensitivity of the information. If we transfer your personal information to our suppliers, we ensure your information is appropriately protected.
  8. We make information available to you about our information management policies and practices.
  9. We will provide you with access to the personal information we hold about you upon written request, unless restricted by law.
  10. We are here to listen, and to help. If you have concerns, please contact us at privacy@bell.ca.

Every year, all Bell team members must individually review and sign the Bell Code of business conduct to reinforce the importance of safeguarding customer information and using it only as allowed under our privacy policy. tagGRI 205-2

Bell and its affiliated companies have long been focused on maintaining the accuracy, confidentiality, security and privacy of personal information for customers and team members. In 2021, Bell continued to make significant investments in people, processes and technology in order to protect confidential information from evolving cybersecurity threats. As part of a broader industry initiative, we have implemented a new verification regime to prevent wireless numbers from being fraudulently ported and used to circumvent other security protections and to fraudulently obtain access to personal information. We provide our team members with information and ongoing training on the importance of protecting the privacy of our customers and other team members. We have centralized our privacy policy and resources on the internal Bell Privacy website. This provides clear instructions to team members about their responsibilities for safeguarding customer information. Team members and customers can also address questions about privacy and obtain support from the Bell Privacy Team through our privacy mailbox, which is continuously monitored. More information on our privacy policy, including answers to frequently asked questions, is available at Privacy at Bell. You may also wish to consult the Community and society section on our website.

Number of unresolved well-founded privacy complaints

  2021 2020
Number of unresolved well-founded privacy complaints from the Office of the Privacy Commissioner of Canada 0 0

Target: 0 unresolved well-founded privacy complaints from the Office of the Privacy Commissioner of Canada

Information security tagGRI 418-1, SASB: TC-TL-220a.1; TC-SI-220a.1-2-3-4

WHY IT MATTERS tagGRI 103

Our industry is particularly vulnerable to cybersecurity threats, giving rise to new and emerging standards and regulations. We need to be able to identify and address information security risks in a timely manner in order to be in a better position to protect our market share and reputation, and these efforts align with our strategic imperative to champion customer experience, while at the same time reducing exposure to cyberattacks. Avoiding data breaches can also limit the increase in expenses associated with remediation efforts and legal exposures, aligning with our strategic imperative to operate with agility and cost efficiency.

WHAT WE ARE DOING

We are focused on maintaining the trust that our customers have in us to protect their data. To do this, we implement prevention, detection and response programs related to security threats. In addition, we are helping define industry security and risk management practices, and we train our team members on data protection.

Consistent with Bell’s position as a longstanding leader in providing security services to Canadian businesses and organizations, our Managed IoT Security service provides an advanced layer of comprehensive security services that help keep our customers’ IT infrastructure and systems safe and secure as they adopt IoT technologies.

Our full suite of security services is monitored by Bell’s Security Operations Centre, where a team of more than 190 accredited security professionals are at work 24/7 providing incident management and policy management, and reporting on all security-related incidents.

Bell is also dedicated to protecting its networks, systems, applications, data centres, records and the personal information they contain against all threats including cyberattacks, unauthorized access or entry and damage from fire, natural and other events. Given that the vast majority of Canada’s 100 largest companies use Bell services, we understand and make every effort to protect the competitiveness of Canadian businesses by seeking to maintain network security and stability. That entails continuous investment to upgrade performance. We also deploy defensive layers and controls that are complemented by rigorous monitoring and regular security testing.

As a representative for Canada in the not-for-profit, member-driven Information Security Forum, Bell helps lead the establishment and development of security and risk management practices. We also adhere to a number of international security standards and frameworks, including the Information Security Forum Standard of Good Practice. Bell is also a founding member of the Canadian Cyber Threat Exchange (CCTX.ca), which seeks to help public and private organizations collaborate and share cyber-threat information across different industries and sectors in Canada.

Bell continues to work with government, law enforcement agencies and the technology industry to combat the growth of hacking and other cybercrimes.

Improving awareness and corporate culture around security

In February 2021, we launched our Be Cyber Savvy information security training program. This training program includes onboarding to our specialized Cyber Savvy platform, performing phishing simulations and taking four courses, which team members have a year to complete once they are onboarded. We have onboarded 100% of selected team members in 2021, and plan for all these team members to fully complete the training cycle by the end of 2022. We adjusted the training completion target date from 2021 to 2022 to allow for onboarded members to complete the full training. On December 31, 2021, 70% of selected members had completed the full training program. Additionally, we set a new target for an improved phishing simulation report rate for our team members, with the goal to improve our phishing simulation report rate year-over-year. These initiatives enable a stronger cybersecurity culture and greater awareness of cybersecurity risks. We also aim to align our program to ISO 27001 by the end of 2023.

Key target: Selected employees to complete Bell’s Be Cyber Savvy information security training program by the end of 2022

As of December 31,2021

Onboarded 100%
Training completed 70%
Target 100%

Target: 100% of selected team members completed Bell’s Be Cyber Savvy information security training program by the end of 2022

Target: Align to ISO 27001 standard by the end of 2023

Target: Improve year-over-year phishing simulation report rates

To learn more about how to protect your personal information, visit Bell’s security and fraud prevention resources on Bell.ca and see the Data privacy and information security information sheet on our website. tagSASB: TC-TL-220a