Personal Data Transfer Policy

Introduction

Corporate personal computers are important tools for the organization and their use is supported to achieve business goals.  

As per the Code of Conduct: “Colgate’s IT Resources should be used [...]for Colgate business purposes only, except for limited and appropriate personal uses.” 

Further details are provided in the Global Information Security: Acceptable Use Policy

It is therefore strongly recommended that employees don’t keep or retain any personal information on their corporate computers. 

Policy Statement

Colgate-Palmolive Company's IT resources, including computer hardware, software, mobile devices, data, and storage media, are provided for company business purposes. While limited and appropriate personal use is permitted, employees who wish to transfer personal files from their corporate device or Google Drive to personal accounts must follow the procedure outlined below. 

This policy aims to facilitate legitimate personal data transfers while safeguarding company proprietary information and ensuring compliance with the Code of Conduct and all applicable laws and regulations.

Employees seeking to transfer personal files from Colgate-Palmolive IT resources to personal accounts must follow these steps:

  1. Request an Exception: The user must request an exception for Google Drive file sharing with non-business email accounts. This request must be initiated by the user themselves via the link documented in FreshService and cannot be done on behalf of another user. This is an automated exception process and it can take up to 24hrs before the exception becomes active.
  2. Organize Personal Data: The user should organize their personal data, ideally by moving it into a single folder within their "My Drive" in Google Drive. It is important to note that only files owned by the user and located in "My Drive" (not "Shared Drives") can be shared with non-business accounts.
  3. Share Folder with Personal Account: Once the exception approval is granted, the user should share the designated folder(s) with their personal email account.
  4. Download or Copy Files to Personal Storage: This is a crucial step. From their personal computer, and using their personal account, the user must either download the files or make copies in order to gain ownership of the files. The original files shared from the corporate account remain under the ownership of the corporate account and will become unavailable if the user leaves the company and their  corporate account is terminated.

Other considerations

1. User responsibility

  • Employees are required to perform these data transfer tasks themselves. IT  team members  cannot perform these tasks on behalf of the users because : 
  • The process to request the exception only works when the request is made by the employee
  • The IT team members do not have access to the employee’s files (nor should they have)
  • This also addresses ethical and legal concerns related to other people having access or visibility to user’s  personal data

2. Data Security and Confidentiality: 

Employees are reminded of their ongoing obligation to protect Colgate's proprietary and confidential information, even after leaving the company. Any unauthorized disclosure of company data is a violation of the Code of Conduct. Only personal data should be shared with their personal accounts. 

Related Standards, Policies, Processes

Our Code of Conduct

Global Information Security: Acceptable Use Policy