RWS Vendor Security Awareness Training 2023


Data Privacy and Information Security Awareness Training
RWS Vendors 2023

1 © 2023 RWS
How does RWS protect Customer and Personal Data?

• By carefully selecting its vendors
• By providing its vendors with the necessary training and guidance
• By implementing policies, processes and practices which direct how information should be protected
• By providing appropriate technologies to protect customer and personal data

The difference between Information Security and Data Privacy

• Information Security
– Focuses on safeguarding all data by implementing appropriate rules, processes and
controls
▪ E.g. Company Policies, File Handling Procedures, Authentication Mechanisms, Virus
Protection, Encryption, etc
• Data Privacy
– Is an application of rules that govern the collection and handling of personal data. It
assures that personal information is collected, processed (used), protected and
destroyed legally and fairly
▪ E.g. Privacy Notices, Consent, Data Processing Agreements and Data Subject’s Rights

You cannot have Privacy without Security

Why are Information Security controls so important?

• To permit the lawful processing of personal data
– Successful businesses must use personal data to understand and communicate with their customers.
– Laws apply in most countries governing processing of Personal Data.
– RWS must comply with such laws and we need your help to do so.
• To allow sensitive data to be protected when being processed or stored
– Anybody can be a victim of Cyber crime.
– Hackers are constantly seeking Personal Data as it moves around the Internet or trying to “break-in” to the systems where it is stored.
• To protect individuals and organisations from the effects of data theft
– Individuals can really suffer both financially and emotionally.
– The cost to business is not only financial but damage to reputation.

The main goals of Information Security are to protect …

• Confidentiality: Protection of information from unauthorized access
– Access to information should be restricted to those whose role requires them to have it.
• Integrity: Information is protected from unauthorized alteration
– Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people.
• Availability: Information should be available for use when and where required
– Content must be in the correct language and format and stored in the appropriate place for it to be used.

The Privacy Supply Chain
• Many countries have introduced data protection laws, the most well-known is the European Union's GDPR. RWS has
adopted the GDPR as the standard we apply globally, complying with more stringent local law where applicable.

• RWS is a Data Controller when it receives your personal data, when you register in our systems and to administer our
relationship. Similarly, you are a Data Controller of the RWS staff personal data you receive to enable you to work with
RWS.

• Our customers will provide us with personal data which we then ask you to process, in which case you will be a Sub-
Data Processor:

– Data Controller: RWS Customer
– Data Processor: RWS
– Sub Data Processor: You (Vendor)

• Data Protection Law imposes obligations on both Data Controllers and Data Processors to ensure they process the
personal data lawfully. These obligations, amended for the parties' different roles, flow down the supply chain so that
people’s personal data is protected.

• To comply with these obligations RWS has asked you to agree a Data Processing Agreement, and for people outside the
EEA additional Standard Contractual Clauses (SCC). Due to Brexit the UK Government has introduced an additional UK
version of the SCC. These are the International Data Transfer Agreements and RWS will be asking Vendors to enter into
these as required. These documents are the required legal framework which allows authorised processing of the
personal data.

• We also need you to apply appropriate security. This training explains what is required.

What is Personal Data?

Personal Data is information relating to a person or data from which a person can be identified, such as:

Special or Sensitive Personal Data

This data is considered more sensitive and ought to be processed applying the highest security you can:

• In the EU and UK the following is considered Special Data:
– Racial or Ethnic Origin
– Political Opinion
– Religious or Philosophical Beliefs
– Trade Union Membership
– Processing of Genetic, Biometric data for purpose of uniquely identifying a Human (including individual’s images or voice)
– Health
– Person's Sex Life or Sexual Orientation
– Criminal Convictions

• Switzerland extends the definition to include:
– Ideological Views or Activities
– Information on Social Security Measures
– Information on Administrative or Criminal Proceedings and Sanctions which are treated outside pending proceedings

• The US calls this data Sensitive Information:
– Social Security Number
– Driver's License Number
– Financial Information
– Medical Records

RWS’ approach is to treat all the above data as “Special”.

Think Security! Know your part in keeping data secure

As a vendor to RWS you play a role in handling and keeping our Customers’
data secure. It is important that you are aware of the policies and obligations
that apply to you and you comply with security best practice, such as:

• Building Strong Passwords
• Using Email Safely
• Keeping Systems and Data Secure
• Reporting Suspicious Activity and Incidents

Building Better Passwords; Your password should be:

Easy to remember but difficult to guess. Use passwords at least 14 characters in length
with a mix of uppercase and lowercase letters, numbers and special characters. Avoid
using your name, or parts of your account name.

Do not write down or share your password with others, this includes co-workers, family
and friends.

Passwords should be unique, so do not use the same password or part of it for
different systems or services. Enable Multi-Factor Authentication if it’s available to add
an extra layer of protection. Change passwords regularly, at least every 90 days.

Phishing and Email Security!....... Think before you click

• Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware to their computer or mobile device, or direct the victim to a malicious website to capture login credentials.

• Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide amongst the huge number of benign emails that busy users receive. Successful email attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property, money or personal data.

Be alert and look out for the following malicious email characteristics:

• Emails from an unknown source: You should proceed with caution and do not open or download attachments or click on links until verified.
• Discrepancies with email addresses, links and domain names, which don’t match against previous correspondence. Hover your cursor over them to check.
• Transactional messages and attachments, such as invoices, receipts and shipping details that do not relate to a purchase made by yourself.
• Bad spelling and the incorrect use of grammar.
• Requests for credentials, payment information or other personal details.
• Emails that threaten negative consequences or demand urgent action.
• Emails claiming you’ve won a prize or will qualify for a prize if you reply to the email, or will benefit from a discount by clicking on a link or opening an attachment.
• Emails from colleagues prompting you to download attachments or click on links and/or looks suspicious. Check with your colleague to validate the message is genuine.

Keeping Systems and Data Secure

• Use RWS approved tools / transfer mechanisms to send data
• Delete data after the assignment is completed
• Encrypt your computer’s hard drive
• Use virtual desktops where provided. Ensure malware protection is installed, working and regularly updated
• Don’t work with your screen in clear sight in public areas
• Don’t discuss work with anyone else
• Lock the screen on your device when it’s not being used
• Do not use insecure public Wi-Fi
• Check and apply manufacturer issued software and security updates at least on a monthly basis
• Store equipment and hardcopy data securely
• Do not share devices used for work with friends or family
• Do not print RWS customer data
• Don’t leave equipment unattended
• Report loss or theft of your device to RWS as soon as possible

Recognising a Security Incident

• The following are examples of a security incident:
– If you accidentally send work information to someone you shouldn’t
– If you accidentally delete work information
– If you lose the equipment you are using for work or it is stolen
– If your computer equipment gets infected by a virus or you are victim of a phishing attack
– If you think your username or password has been compromised

Identified a Security Incident? Report it!

Make a note of your RWS work giver’s contact details upon commencing a new
project.
Contact your RWS work giver as soon as you suspect or become aware of a Security
Incident taking place.
Provide the following information to the RWS work giver:

• The type of incident
• The date and time the incident occurred
• The type of data affected
• The amount of data
• What protections are in place
• Any other relevant information

If you observe something which looks like it could be a security incident please
report it.
RWS are not looking to assign blame for an incident and understand that mistakes
can occur or may be outside of the vendor's control.
It is the intention of RWS to help contain the incident, learn from the event and
avoid such an occurrence in the future.

www.rws.com
