2. How does Kraft comply with EU data privacy regulations governing the protection of employee data?
3. The EU directive requires "appropriate technical and organizational controls" to be in place to protect the confidentiality and integrity of personal data. How can an organization determine whether its security controls are appropriate?
5. How does Kraft implement the following access controls: need to know; least privilege, mandatory access control; and role-base access control?
7. What is the purpose of Kraft's Code of Conduct for compliance and integrity? How is the information distributed to Kraft employees?
8. Why is Kraft moving away from the use of employee social security numbers for user identification on UPPS?