Case 1: Kraft Foods Inc.: Protecting Employee Data
Synopsis
Kraft Foods Inc. is the largest food and beverage company in North America and the second largest food and beverage company in the world. It employs a workforce of about 98,000 individuals; approximately 45,000 in the United States, and 53,000 in sixty-five countries around the world, including fourteen European Union (EU) states (Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, The Netherlands, Portugal, Spain, Sweden, and the United Kingdom).
When the EU Directive on the Protection of Personal Data became effective in 1998, Kraft needed to revise the means by which it collected, processed, transmitted, and stored employee data. Improvements were made to the Unified Personnel and Payroll System (UPPS) to better protect North American human resources (HR) transactions. International HR systems were converted to the SAP HR system. A Data Transfer Agreement was legally established between Kraft and its operating entities in the EU member states, which specified restrictions on personal data and mandatory data protection principles. The position of Chief Information Security Officer was created, and stronger data security policies and practices were developed and implemented throughout the company.
Questions
1 a) Through the UPPS, Kraft provides its employees online access to their own employee data. Why would Kraft do this?
b) Why would Kraft want to move all of its North American HR transactions from UPPS to SAP HR?