Page 71 -
P. 71

70  ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT 2020                 CONTRIBUTING TO STAKEHOLDERS         71




 Customers



            incident scenarios that would have a severe impact on   Responsible Communication
 2020 Performance Highlights  Future Actions and Targets  our  business processes. In  the  event  of  a suspected
            cyberattack, our Cyber Security Committee will trigger the   The wide range of communication channels we
 Set up a team of   Develop policies and processes  incident response process, contain the data leakage and   provide allows customers to access information on our
 departmental data   to enhance and streamline  then contact the Cyber Security Centre of the Hong Kong   products and services in a quick and efficient manner.
 protection coordinators   data protection   Police Force and other security experts. We also conduct   These channels also enable us to collect customer
 to enhance the effectiveness of the   measures  regular phishing simulations targeting our employees to   feedback and better understand their needs.
 Privacy Management Programme  heighten their awareness of cyber security risks.

 Further develop the existing   The key to customer privacy is our employees. If our
 Service quality efficiency: 9.0*  Privacy Management                              Online platforms, customer
                                                                                   centres, and 24-hour
 Exceeded target  Programme  employees lack the necessary awareness, mishandle     Customer Service Hotline
            customer information or are unaware of cyber security
            risks, the potential for a customer information leakage   For customers to make enquiries, manage their accounts
                                                              and make appointments for maintenance and installation
 Courteous and friendly  Continue to explore the needs of   incident can be high. To avert this possibility, we have
 attitude: 8.98*  our customers to launch  undertaken various initiatives, including seminar training
 Exceeded target  new products/services  and  the  provision  of  information  security tips.  We also   Customer satisfaction
            host an annual Information Security Week to keep                       surveys
 * Our target was to exceed a score of 8.5 out of 10  employees up-to-date on personal data protection   Conducted bi-monthly by an independent company, with
            matters as well as cyber security knowledge.      low score cases followed up to ensure remedial actions
                                                              are taken
 Management  Aside from reviewing strategies on handling personal   Quality Management and
 Approach  data, the Data Privacy Standing Committee focuses   Customer Service

 on managing potential data breaches. If a data breach
 We are committed to providing our customers with   does occur, the Committee will conduct an interim   Total Quality Management (TQM) motivates employees   Customer surveys and
                                                                                   focus groups
 a safe, reliable supply of energy and the caring,   assessment on the risk of harm and decide whether   in their pursuit of excellence, according to the three   To learn about customers’ views on and experience with new
 competent and efficient service they expect. Various   the incident will be escalated to top management   pillars of Courtesy, Craftsmanship and Integrity.  products or services
 internal policies, programmes and targets are in place to   for their attention. The Committee will also suggest
 ensure customers receive excellent service.  solutions for resolving the incident.  Our Superior Quality Service (SQS) programme has
            helped us build our customer-centric culture and
 Cyber security has also become a key concern of                                    Customer Focus Team
 Customer Privacy and Cyber Security  sparked innovative ideas across Hong Kong and
 stakeholders. To mitigate the risks of data leakages   mainland China. Implemented in 1992, the SQS   Visits to housing estates to collect customer comments and
 and maintain the trust of our customers, we make   programme is held under a different theme each year to   handle any potential issues such as gas safety, bill payments
 At Towngas, we understand the importance of   it possible to wipe the data contained in all mobile   encourage staff to initiate new projects that help improve   and gas appliances
 customer privacy and take every step necessary to   devices carried by our gas technicians and other   our operations, save costs or generate new revenue.  A growing number of customers are becoming
 protect our customers’ data in all our communications   frontline staff remotely, in case these devices are lost.   aware of the positive and negative environmental
 with them. To that end, we have established a   We also isolate sensitive information from our customer   We  also  have  a Towngas Service  Pledge  as  part  of   and social impacts of the products and services
 Privacy  Policy  Statement that sets out our   relationship management system, in order to minimise   our commitment to provide a safe and reliable supply   they consume. For this reason, we make every effort
 standards for handling customer information.  the possibility of hacking incidents.  of gas to our customers as well as friendly, competent   to ensure our marketing materials are accurate and
            and efficient service. To ensure our customers are   based on substantiated information. We also follow

 The Company’s Data Privacy Standing Committee   To guard against cyberattacks, we have commissioned   receiving the highest standard of service, we are   fair and responsible communication practices and
 reviews strategies for handling personal data and,   a third-party consultant to monitor cyber incidents   continuously working towards improving our service   remain committed to ensuring that our marketing and
 together with the Data Protection Officer and the   around the clock. Five response playbooks covering the   and setting higher targets.  communication materials comply with all relevant
 Departmental Data Protection Coordinators, deals with   top five cyber security incidents have been prepared,   government regulations and industry guidelines. In
 personal data situations. Every department is required   with actionable, consistent processes developed   In addition, we organise various training exercises   addition to our marketing materials, customers can also
            and activities to enhance customer service quality,
 to make a declaration to the Company about any data   for responding to and recovering from various cyber   such as our Three Courtesies (manners, etiquette and   access information on Towngas’ products and services
 protection matters that might have arisen during the year.  politeness) culture in Hong Kong and mainland China.  through our websites, leaflets, social platforms, and
                                                              other publications.
   66   67   68   69   70   71   72   73   74   75   76