Answered Essay: Case 1: Kraft Foods Inc.: Protecting Employee Data Synopsis Kraft Foods Inc. is the largest food and beverage company in North America
Case 1: Kraft Foods Inc.: Protecting Employee Data
Synopsis
Kraft Foods Inc. is the largest food and beverage company in North America and the second largest food and beverage company in the world. It employs a workforce of about 98,000 individuals; approximately 45,000 in the United States, and 53,000 in sixty-five countries around the world, including fourteen European Union (EU) states (Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, The Netherlands, Portugal, Spain, Sweden, and the United Kingdom).
When the EU Directive on the Protection of Personal Data became effective in 1998, Kraft needed to revise the means by which it collected, processed, transmitted, and stored employee data. Improvements were made to the Unified Personnel and Payroll System (UPPS) to better protect North American human resources (HR) transactions. International HR systems were converted to the SAP HR system. A Data Transfer Agreement was legally established between Kraft and its operating entities in the EU member states, which specified restrictions on personal data and mandatory data protection principles. The position of Chief Information Security Officer was created, and stronger data security policies and practices were developed and implemented throughout the company.
1.a)How does Kraft implement the following access controls: need to know; least privilege; mandatory access control; and role-based access control?
b.dentify at least ten examples of specific HR data that are considered sensitive at Kraft Foods Inc.
Kraft Foods pdf x 3 a 3 12 TABLE 1-2 Principal Brands Sold in Europe, the Middle East, Africa Latin America, and Asia Pacific (Kraft International Commercial) Cheese and dairy: Philadelphia cream cheese; Sottilerte, Kraft, Dairylea, Osella, and El Caserio cheeses: Kraft and Eder process cheeses: and Cheez Whiz process cheese spread Snack Milka Suchard, Cole d’Or Marabou, Toblerone, Freia, Ter Daim, Figaro, Korona Poiana, Prince Polo, Alper Gold, Siesta Pokrov Lacta and Gallito chocolate confectionery products: Estrella, Maarud. Ciposo, and Lux salted snacks, and Oreo, Chips A,o social, Cerealitas, irakinas, and Lucky biscuits. Convenient meals: Lunchables lunch combinations: Kraft macaroni & cheese dinners, krair and Mirico ipasta dinners and sauces; and Si menthal canned meats, Grocery Krane spoonable and pourable salad dressings; Miracle Whip spoonable dressings: Royal dry packaged desserts: Kraft and ETA peanut butters and Vegemite yeast spread ages:Pacobs, Gevalia, Carte Noire, Jacques vabre, Kahee HAG Be Grand Mere, Kenco, Saimaza, Maxim, Maxwell House, Dadak, Onko, Samar, Tassimo, and Nova Brasilia coffees: Suchard Express, o Boy, and Kaba chocolate drinks: Tang Clight, Noor-Aid, Royal Fresh, Frisco, Q.Refres Ko, and Ki-Suco powdered beverages: Verao, Maguaryjuice concentrate and ready-to-drink beverages; and Capri Sun aseptic juice drinks (under license. 0-K, Annual Report for the Year Ended December 31, 20024 Altria Group, Inc. Awailable ind.com/om/conte age 335007 repo tenk. hirty varieties of cheese to grocers in cities and towns throughout the n 1914, the Kraft Cheese Company opened itsfirst plan United Sta and began processing its own cheese. During the 1920s, Kraft began selling its cheese in Canada, Europe, and Australia. In 1928, it acquired the Phenix Cheese Company, maker of Piriladelphia brand cream cheese. Over the next two decades, Kraft introduced a number of new products, ed process cheese, Miracle Whip salad including Velveeta pas dressing, and Kraft macaroni and cheese dinner. In 1955, Kraft opened a processing plant in Mexico, making it the first U.S. firm to have process cheese and salad dressing production facilities in Mexico. Companies Inc. Philip n 1988, Kraft was acquired.by Philip Mo Morris had acquired General Foods Corporation in 1985,and with the became the world’s largest consume acquisition of Kraft, Philip Mo products company. ions of Philip Morris (General Food n 1989, the food product and Kraft) were joined to become Kraft General Foods. That same yea Kraft General Foods International was established as a subsidiary of Kraft General Foods In 1993, Kraft General Foods acquired the US. and Cana- dian ready-to-eat cereal business from RJR Nabisco. Two years later, Kraft General Foods was reorganized and renamed Kraft Foods Incorporated. North American and international opera tions were conducted through two subsidiaries of Kraft Foods Inc.:Kraft Foods Internatio c. (for nc., and Krai Foods North America ers for Kraft ional). The headq erly Kraft General Foods Intern Foods North America, Inc., was located in Northfield, Illinois, and the s International, Inc., was located in Rye headquarters for Kraft Food Brook, New York. In 2001, the two subsidiaries were consolidated under Kraft Foods ers located in Northfield inois, Kraft nc., with its world headqua Foods North America, Inc., was renamed Kraft North Ame mercial, and Kraft Foods International, Inc., was renamed Kraft Inter national Commercial. On June 13, 2001, Philip Morris Companies Inc., completed an Ini of Kraft’s Class A common al Public Offering of 280,000,000 share ansaction was a stock-for- tock at a price of$31.00 per share. The cash exchange, in which the money was used to pay down the debt of Kraft’s parent company. Although Kraft Foods Inc., was no longer a
Expert Answer
1.a) On the SAP HR system the employee ID is used as user Identification, Kraft is in the progress of changing its North American employee ID’s from SSN numbers to a randomly generated number. Also all users are prohibited from allowing unauthorized users to use their login credentials. Forced password changes occur every 45 days. An unused account for 60 days is automatically locked, and employees leaving the company have their accounts disabled on their date of departure.
Hierarchy & roles have been clearly defined and basis which Kraft could implement access controls on their need base or role based. Access controls would be placed on the employee ID’s. Quarterly reports are generated and shared with all managers to validate the access rights of their employees.
Each user who has access rights to employee data must sign a Human Resources Data Privacy Form, in which the user agrees to comply with Kraft’s data privacy principles. Access is restricted to those users who need to know the data to perform their jobs. In addition users are granted the least privilege necessary to perform authorized tasks. Access is restricted to fewest number of data fields and the shortest time necessary to carry out the job responsibilities.
Code of conduct is available in 29 languages and accessible to its global workforce.
1.b) Examples of HR data sensitive at Kraft are as follows:
1. SSN – Social security number
2. home address
3. home telephone number
4. age / Date of Birth
5. Salary / grade pay information
6. Job performance ratings
7. race or ethnic origin
8. religion
9. gender or sexual orientation
10. criminal records or charges
11. benefit choices (company sponsored savings plan)
12. political opinions
13. trade union membership
14. physical or mental health data
15. photographic images
