Data privacy

As a global company, IBM's business processes increasingly go beyond the borders of one country. This globalization demands not only the availability of communication and information systems across the IBM group of companies, but also the worldwide processing and use of information within IBM.

IBM remains committed to protecting the privacy and confidentiality of personal information about its employees, customers, Business Partners (including contacts within customers and Business Partners) and other identifiable individuals. Uniform practices for collecting, using, disclosing, storing, accessing, transferring or otherwise processing such information assists IBM to process personal information fairly and appropriately, disclosing it and/or transferring it only under appropriate circumstances.

This policy letter sets forth the general principles that underlie IBM's specific practices for collecting, using, disclosing, storing, accessing, transferring or otherwise processing personal information. These general principles apply to the processing of personal information worldwide by IBM.

The general principles are:

Fairness:
IBM will collect and process personal information fairly and lawfully;

Purpose:
IBM will collect only personal information that is relevant to and necessary for a particular purpose(s) and process personal information in a manner that is not incompatible with the purpose(s) for which it is collected.

Accuracy:
IBM will keep personal information as accurate, complete and up-to-date as is necessary for the purpose for which it is processed.

Disclosure:
IBM will make personal information available inside or outside IBM only in appropriate circumstances.

Security:
IBM will implement appropriate technical and organizational measures to safeguard personal information and instruct third parties processing personal information on behalf of IBM, if any, to process it only in a manner that is consistent with processing it on IBM's behalf, and to implement appropriate technical and organizational measures to safeguard the personal information.

Access:
IBM will provide individuals with appropriate access to personal information about them.

The application of these principles is more particularly described in the applicable IBM Corporate Instructions (and any accompanying implementation guidelines) relating to processing personal information.

In effect since November 24, 1998.