Integrity Bulletin

Document Sample
Integrity Bulletin Powered By Docstoc
					         Integrity Bulletin
A Message From Laura Lonsdale, Ombudsman                                                                  THIRD QUARTER 2009

                               Most of us have been there . . . in a moment of haste, we type
                               an e-mail and accidentally hit “reply” or worse yet “reply to all”
                               instead of forwarding the message to the intended person. Or
                               we send an e-mail to an unintended recipient because the names
                               auto-populate. While using e-mail and Internet applications can
                               dramatically increase our efficiency, they can also create a new set
                               of risks for employees and companies. At a minimum, misdirected
                               communications can certainly lead to embarrassment, and, in
                               some extreme instances, they can result in much more serious

                                In today’s mobile work environment, where sending numerous
e-mails every day on a BlackBerry has become commonplace and where much of our work is
done electronically and remotely, it’s critical that each of us becomes familiar with Tyco’s data
security guidelines, as well as the significant financial and reputational impact associated with
data breaches.                                                                                         In this Issue
This Integrity Bulletin touches on some of the risks associated with communicating in this             Data Safety in the Digital Age
electronic age and provides helpful information about how each of us can minimize related risks.
                                                                                                       E-mail Policies
A significant area of risk for all companies is data breaches and the costs associated with them.
If customer or employee data is not adequately protected, there can be damaging consequences           Identity Theft
including reputational and financial harm. A recent study conducted by the Ponemon Institute
(independent information and privacy group) shows that it costs a company an average of USD            Surfing Safely
$6.6 million per event if there is a breach of customer data (the general average is USD $200 per
                                                                                                       Values in Action:
compromised record). Furthermore, an average of an additional USD $4.6 million is lost due to
decreased business following such a data breach. If a company suffers a customer data breach,          2009 Vital Values Program
it can cause reputational harm as well. This could be particularly damaging to a security company
like ADT.

In this issue, you will also find guidance on acceptable computer usage and, in the spirit of spring
cleaning, useful information on our Records Management Policy.

Finally, I want to thank everyone for participating in this year’s Guide to Ethical Conduct
commitment process and Vital Values education program. If you haven’t completed your assigned
courses yet, please take some time out of your busy schedule to do so.

As always, I welcome feedback and look forward to hearing from you. I am here as a resource for
you; if you have any questions or concerns please don’t hesitate to contact me.

Laura Lonsdale
Integrity Bulletin                                                                                        THIRD QUARTER 2009

                      Values In Action
 Welcome to the sixth edition of the Values in Action Series. This series typically highlights Tyco
 businesses and employees who are faced with tough ethical dilemmas and ultimately do the                We would like to give
 right thing, even if it means losing business or negatively impacting the bottom line. This month,
                                                                                                         thanks to the following
 however, we will focus on a new aspect of Values in Action: employees applying the values –
 Integrity, Excellence, Teamwork and Accountability – to their daily work activities to achieve          GEC champions:
 great results.
                                                                                                         ADT NA: Erika Berrios
 As you know, Tyco is nearing the completion of the 2009 Vital Values program, which includes            ADT HQ: Anita Aubin
 the Guide to Ethical (GEC) Commitment Statement Process and Vital Values Education                      ADT ANZ: David Barlow,
 (VVE). This is the one time of year that we all come together to achieve a common goal – the            Alyson Ludemann,
 completion of the GEC Commitment Statement process. Additionally, more than 50,000                      Frances Hughes
 employees will participate in VVE. Many of us may never stop to think about the effort involved         TFS Asia: Ka Li Loh
 in rolling out this type of global initiative. We receive an e-mail from our business leadership        TFS EMEA: Natasha Clark
 team informing us “It’s Commitment Time Again,” we proceed with our commitments, and we                 TFS SA: Sakina Mayet
 complete our required VVE modules. However this process requires an extraordinary effort that
 truly exemplifies our Values in Action, and in this article we are recognizing this effort and those    TFS LATAM: Cecilia Torres
 individuals who make this process happen.                                                               TFC LATAM:
                                                                                                         Angélica Kanashiro
 To successfully launch the GEC and VVE program, it truly takes a team. From HR to IT,                   TFC ANZ: Brendan Murphy,
 Communications to Leadership, and the LMS team to Corporate Compliance, this is TEAMWORK                Kathy Coreneos,
 at its best! Hundreds of employees from around the globe have collaborated over the past                Lorraine Maxwell
 several months to make this program happen. Without the teamwork and dedication of any of               TFC Asia: Raoul Xu,
 the above groups or individuals, this program could not be successful.                                  Yu Ying Seah
                                                                                                         TFC NA: Shayne McCamie
 Additionally, we can greatly attribute the success of the GEC and VVE program to the business           TTC: Jennifer Zaroski
 champions who have taken ownership of program implementation within their organizations and
                                                                                                         TFC EMEA: Valerie Lassalle
 accepted responsibility for driving the program to completion. In addition to the champions,
 ACCOUNTABILITY for the success of the program goes all the way to the top of each                       TSP/TEMP: Agnes Tan,
 organization. Each business president is held accountable for a 100% completion target for the          Rashmi Deo
 GEC Commitment Process and 90% completion targets for the VVE program. And, of course, we               SimplexGrinnell:
 cannot forget that each employee is individually accountable for his or her participation.              Tonya Miller
                                                                                                         EarthTech: Dawn Horsfield
 To help achieve process EXCELLENCE, several significant changes have been made to the                   Tyco Corporate: Kathy Snell,
 program, the most important of which is the integration of the GEC and VVE programs. We now             Kim Vallier, Ros Ben Shabat
 have one process and one time frame supported by a common infrastructure, the Tyco Learning
 Management System (LMS). Integrating these programs will provide us process and reporting
 efficiencies and will allow the businesses to drive training deeper into the organizations.

 And finally, there is INTEGRITY. As CEO Ed Breen stated in his e-mail to kick off this year’s process, “Our Commitment to the highest
 standards of integrity begins with ensuring that everyone across the Tyco organization understands our core values – values that define
 how we conduct ourselves – both as employees and as decision makers.” The VVE program provides continued learning opportunities
 to ensure that our employees fully understand the policies and principles outlined in the GEC and how our values are tied to behavioral
 expectations. By recommitting to the GEC on an annual basis, we are all committing to act with the utmost integrity and to comply
 with company policies, procedures and local laws.

 Thanks to everyone who has contributed to the success of the 2009 Vital Values program and who continues to exemplify our Vital
 Values every day.

 If you would like to share a Values in Action story, please contact Tracey Turner, Director of Compliance Education, at
Integrity Bulletin                                                                                                  THIRD QUARTER 2009


If you have any policy questions or
need a clarification, write to or to the
Ombudsman directly (see contact
                                               Case Studies
                                               Case Study #1 – Inappropriate Computer Usage
information on page 7).                        While an IT professional was doing some work on an employee laptop, he discovered some child
                                               pornography. Additional review revealed a series of inappropriate e-mails between the employee and
I sometimes get inappropriate e-mails          an underage girl.
forwarded to me which are in violation of
Tyco’s Guide to Ethical Conduct (GEC). Will    Resolution:
I get in trouble and what should I do?         The employee was terminated and his laptop was handed over to the U.S. Federal Bureau of
                                               Investigation (FBI) for further investigation and prosecution.
You will not get in trouble for merely
receiving unsolicited e-mails containing       Lessons Learned:
sexually explicit content or other offensive
                                               Employee laptops and desktop computers are company property, and the company has the right at
material (see note below). However, it
is important that you delete the e-mail        any time to review their contents. Tyco has a zero tolerance policy for pornography on its computers
immediately and avoid saving, forwarding       and violating this policy can result in discipline up to and including termination. Where certain
or showing the e-mail to others. Saving,       content may represent a violation of law, such as child pornography, it also will be turned over to the
distributing or showing such e-mails           authorities for investigation.
is a violation of company policy which
could subject you to discipline, up to and
including termination. If the sender is        Case Study #2 – Identity Theft
unknown, contact the Help Desk to block
                                               A Tyco employee received an official-looking e-mail from a bank to her Tyco e-mail address requesting
future e-mails. If the sender is a Tyco
employee, tell them you do not want to         that she update her information including her name, address, account number, etc. The e-mail
be included in any messages like these in      contained a link to a seemingly legitimate Web site. However, the site was not legitimate and took the
the future and that he/she should not be       vital personal data entered by the unknowing employee. As a result, the employee compromised her
sending them because it is a violation of      personal data by entering her information into the Web site and became a victim of identity theft.
the GEC. You should contact a manager,
Human Resources, a Legal representative        Resolution:
or the Ombudsman to address any                The employee had to cancel all of her credit cards, notify her bank, etc., to minimize damage to her
compliance issues with the employee. If the
e-mails are from outside friends or family     credit report and prevent additional unauthorized purchases in her name.
members, please advise them not to send
them to you at work.
                                               Lessons Learned:
                                               This method of soliciting personal information is called “Phishing” and can take many forms, most
Note: If you register your e-mail at an        notably through e-mail containing links to seemingly legitimate Web sites or correspondence asking
“adult” dating service site or other sites     for personal information. In 2007, U.S. citizens and companies lost USD $3.2 billion to phishing scams.
containing pornography or sexually explicit
language, or if you otherwise actively         Phishing e-mails will most likely look official at first glance and may ask for personal information such
solicit inappropriate e-mails, this will be    as your User ID and Password, Social Security number, credit card information, PIN number, etc.
considered a proactive action on your part     By giving scammers this information, you will be putting yourself at risk for fraudulent charges and
to access or receive inappropriate e-mails
and is a violation of Tyco’s policies.         identity theft.
                                               If this happens at work, Tyco International will also be put at risk and may be the target of hacking,
I saw a study showing the massive financial
impact that data breaches can have on a        infiltration, and other security risks. This may look familiar to many of you who may receive e-mails
company. How can I ensure I’m protecting       claiming that you are in line for a massive inheritance from a long lost relative and all the estate
myself and the company?                        “lawyer” needs is your bank account information so he/she can wire the money in.

The following practices can help protect       If you are still questioning the validity of an e-mail containing a link, manually re-type the site link
against the damaging costs associated          into your Web browser. By doing so, you will find the actual destination of the link rather than the
with the loss of company proprietary           disguised link that may be contained in the e-mail. Getting into these habits will decrease your risk
information. These same practices can
                                               of becoming a victim of phishing at work and at home and will help to protect yourself and Tyco
be used in your personal life as well.
When handling information, and while           International as a whole.
performing your regular daily activities,
                                               To learn more about Security Awareness and how to protect both yourself and Tyco International,
think about whether the activity you are
performing will have an impact on the          go to and visit “Security Awareness Training” under the Guide to
storage, access, disposal and transmission     Ethical Conduct.
of that information.
Integrity Bulletin                                                                                                 THIRD QUARTER 2009

                                                 Case Studies
Keeping the following tips in mind will
help protect the sensitive proprietary
information you may access every day as a
Tyco employee:

  •	 At Home: Make sure your sensitive           Case Study #3 – E-mail Monitoring
     proprietary data is stored in a secure      An employee was sending very sexually explicit e-mails to her boyfriend from work. Her boyfriend
     place like a safe.
  •	 At Work: Do not leave anything of value
                                                 did not work for Tyco and used a Yahoo account.
     exposed in your office / work space
     (e.g., lock sensitive company proprietary
     documents in your office, file cabinets     Tyco’s software monitoring tool detected the e-mails. Because of their nature and frequency, the
     or desk drawers).                           employee was terminated.
  •	 At Home: Password-protect your home         Lessons Learned:
     computer and do not use the same            Tyco has a right to monitor all e-mails sent to or from a company-owned computer or over our
     password for financial Web sites and
     other types of sites.                       network. This includes correspondence between two Tyco employees as well as communication with
  •	 At Work: Limit access to the company’s      external people. It also includes e-mails sent from your personal accounts (Hotmail, Yahoo, Gmail,
     resources and sensitive proprietary         etc.) if the e-mails are sent over the company’s network. Employees will be disciplined for vulgar or
     information to only those individuals
     whose job requires such access. Do          sexually explicit content.
     NOT keep your passwords written on a
     note pad or post-it note by your
  •	 At Home: Use a shredder to destroy
     documents that have your sensitive
     proprietary information on them.            Policy & Procedures Corner
  •	 At Work: Use a shredder or secure
     disposal bin when discarding documents      Each quarter, we highlight a policy or guideline that may be helpful to you.
     with company proprietary information
     including sensitive customer, employee,
     or company information. [Note that          Records Management -
     official company records should only
     be destroyed in compliance with the
                                                 Time for Spring Cleaning
     Records Management Policy.]                 The Tyco “closets”—in our offices and at off-site
  •	 At Home: Be sure you know who you           vendors—are bursting at the seams with files and
     are communicating with before you           boxes of documents. Is there a way to know what
     offer your sensitive proprietary data       to do with them, what must be saved and what may
     either via phone or e-mail.
  •	 At Work: Do not send company pro-           be disposed of? Our Tyco Records Management
     prietary information (credit card,          Policy, employee guidelines and other tools have the
     social security numbers, etc.) by e-mail    answers, and all are available online at:
     without using an encryption process
     approved by IT Security.

Is it okay for me to use the Internet at the     The Basics
office for personal reasons, such as to check
the scores of sporting events or check my        Except when you have been notified about a “destruction hold” by the Tax or Law
bank account, etc.?                              departments, only “official records” are required to be stored, and only for the period of
We recognize that with the amount of             time called for in the Tyco “Records Schedule.” Official records are the company’s complete
time people spend at work, there will be         and final records documenting a transaction, commitment or company activity, or providing
times when employees use the Internet for
                                                 information necessary for ongoing operations. Duplicates or drafts of official records are not
incidental personal reasons. Each business
unit has policies referencing Internet usage,    official records.
so if you are unfamiliar with your business’
policy, please contact your IT department.       Most of the paperwork or electronic documents we work with every day are not official
Generally, the following activities on or from   records and are not required to be stored (unless you received a destruction hold notice).
your work computer could be acceptable as        When these records no longer have a routine use for you and your department and aren’t
long as they are limited in duration or extent
and do not adversely affect your attention to    needed for ongoing operations, they may be destroyed (but be careful with proprietary
and completion of your job responsibilities:     information; most locations have special receptacles for removing such documents).
reading the news, checking your personal
e-mail, accessing your child’s school Web
site, and accessing personal banking             Learn More
accounts. You may not access Web sites that
contain pornographic or offensive material.      The Tyco Records Management intranet site has guidelines with step-by-step instructions.
A general rule of thumb is if you would be       Check it out or contact the Law department for your location or function for assistance, and
(or should be) embarrassed if your boss knew     be on the lookout for an upcoming records management event at your location.
how much time you were spending “surfing
the Web” or which sites you were visiting,
don’t do it. When accessing your accounts
and personal interest Web sites, please
remember all Internet traffic on all company
equipment is monitored and logged.
Integrity Bulletin                                                                                      THIRD QUARTER 2009

  In the news
  This section features “straight from the headlines” news clips that demonstrate ethical failures by both individuals and companies
  around the world. Each quarter, we’ll provide you a few examples . . . some well known, others maybe not.

  Nationwide - United Kingdom’s largest building society, Nationwide, was fined £980,000.00 (roughly $1.4
  million USD) from the Financial Services Authority (“FSA”) after a laptop theft of a single employee put the
  records of 11 million customers at risk. According to the FSA, Nationwide was guilty of failing to have effective systems and
  controls in place to manage its information security risks. The FSA also discovered that Nationwide was not aware that the laptop
  contained confidential customer information and did not start an investigation until three weeks after the theft.

  TJX Companies - TJX Companies, the parent company of retail stores T.J. Maxx and Marshalls, was hacked in
  mid-2006 and the hackers gained access to the accounts of 94 million Visa and Mastercard holders. In addition,
  455,000 customers who returned merchandise were victims of identity theft as their driver’s license numbers and other personal
  data was accessed. The data breach wasn’t discovered until December 2006. The proper controls were not in place to protect and
  detect the data breach thus putting millions of customers and their personal information at risk. The retail company has settled
  with Visa and Mastercard for USD $65 million, as well as with other banking associations, individual banks and customers for
  undisclosed amounts of money.

  Social Network “Firings”
  As social networking sites like Facebook and Twitter become increasingly popular, so do the occurrences of poor judgment. A
  public post on Twitter by a would-be Cisco employee read: “Cisco just offered me a job! Now I have to weigh the utility of a fatty
  paycheck against the daily commute to San Jose and hating the work.” Shortly thereafter, a Cisco representative had the following
  public post in reply: “Who is the hiring manager? I’m sure they would love to know that you will hate the work. We here at Cisco
  are versed in the Web.” Similarly, an intern at Anglo Irish Bank’s North American branch e-mailed his boss regarding a “family
  emergency” keeping him from the office around Oct. 31. As his co-workers quickly learned from his Facebook page – which
  contained a time stamped picture of him in a fairy costume drinking a beer — the “emergency” was a Halloween party. He was
  terminated. And thanks to the Internet, both of these stories were forwarded thousands of times within hours of their occurrences.

  Belkin Employee Caught “Astroturfing”
  An employee of Belkin International (connectivity solutions company) was recently caught “Astroturfing,” a marketing technique
  which creates an artificial positive buzz on the Web, or, as the term suggests, creates a phony grassroots movement. In the Belkin
  case, the employee was offering people USD $0.65 for each positive review of a Belkin product they wrote on the company’s Web
  site. The offer was listed on an Amazon Web Services Web site, a site intended to give companies access to a technically savvy
  temporary workforce. The fraud was uncovered when a reporter happened upon the listing. “Write as if you own the product and
  are using it,” the employee suggested in the item. “Thank the Web site for making you such a great deal. Mark any other negative
  reviews as ‘not helpful’ once you post yours.” The president of Belkin immediately disavowed the employee’s actions, and the
  company apologized for the ethical breach. Belkin pulled all of the employee’s postings from the Amazon site, and has said it is
  working with outside partners to make sure that any positive reviews which resulted from the employee’s actions were deleted.
Integrity Bulletin                                                                                                                    THIRD QUARTER 2009

 Contacts and Resources
                                                                    ConcernLINE numbers
  Within the United States, Canada                   800-714-1994                  Italy                                                       800-788340
  and Puerto Rico
  Arab Emirates                               0-800-121, after prompt dial         Japan                                                    0044-22-11-2563,
                                                     800-714-1994                                                                            00531-11-4737
  Argentina                                         0800-666-1730                  Kazakhstan                                       8^800-121-4321, after prompt dial
  Australia                                  1-800-20-8932, 1-800-14-1924          Korea                                              00368-110116, 00308-11-0518,
  Austria                                            0800-298-684                  Malaysia                                                  1-800-80-3435
  Belgium                                             0800-7-1417                  Mexico                                                   001-800-613-2737
  Bermuda                                           1-800-714-1994                 Netherlands                                               0800-022-5890
  Brazil                                            0800-891-4177                  New Zealand                                                0800-450464
  Canada                                             800-714-1994                  Norway                                                      800-18540
  Chile                                             1230-020-5495                  Pakistan                                         00-800-01-001, after prompt dial
  China                                   10-800-711-0631, 10-800-110-0577         Philippines                                              1-800-1-111-0112
  Columbia                                         01-800-912-0029                 Poland                                                   0-0-800-111-1561
  Costa Rica                                        0-800-011-1049                 Portugal                                                    800-8-11215
  Czech Republic                                      800-142-728                  Russia (Moscow)                                     755-5042, after prompt dial
  Denmark                                             80-885619                    Russia (Outside of Moscow)                      8^10-800-110-1011, after prompt dial
  Fiji                                    004-890-1001 (when prompted dial         Saudi Arabia                                        1-800-10, after prompt dial
                                                   800-714-1994)                                                                             800-714-1994
  Finland                                            08001-1-6575                  Singapore                                                  800-110-1519
  France                                             0800-90-1703                  South Africa                                               0800-980-082
  Germany                                           0800-187-3586                  Spain                                                       900-97-1031
  Guam                                              1-800-714-1994                 Sweden                                                     020-79-0631
  Hong Kong                                          800-962-881                   Switzerland                                                0800-56-1525
  Hungary                                            06-800-17830                  Taiwan                                                    00801-10-4060
  India                                            000-800-100-1075                Thailand                                               001-800-11-008-3246
  Indonesia                                       001-803-1-008-3365               United Kingdom                                            0808-234-7051
  Ireland                                           1-800-558-549                  United States                                             1-800-714-1994
  Israel                                  180-940-0091, 00798-1-1-004-0083,        Vietnam                                            1-201-0288, after prompt dial
                                                   00308-411-0518                                                                            800-714-1994

                                                               The Office of the Ombudsman
  Within the United States                                                   877-232-4121
  From outside the United States                                             609-720-4427
  Address                                                                    9 Roszel Road, Princeton, NJ 08540
  Tyco Vital Concern Center                                        

 For employees of France, Belgium, Germany and Spain, please use the ConcernLINE phone numbers above or contact the EU Office of
 the Ombudsman at

   Thank you to the following people who contributed to this edition:
   June Adams          Tony Alfano          Rachel Batykefer     David Bleisch             Robert Chiaravalloti   Ken Comeforo           Paul Fitzhenry
   Darren Guarino      Kristen Hill         Shelly Lettman       Felix Mack                Bruce Ramo             Judy Reinsdorf         Barbara Shaffer
   Laurie Siegel       Farla Steinberg      Matt Tanzer          Tracey Turner             Karen Vossler          Yasmine Zyne