• Home
• About ES
• Careers
• Ethics
• Media
• Contact Us

• Products & Solutions
• Technologies
• A-Z Index
• Service & Support

Ethics

• Articles & Notices
• Ethics Officers
• Forms & Policies
• Frequently Asked Questions
• OpenLine Reporting Process
• Training
• Values & Standards

Safeguarding Employee Information

At Northrop Grumman, we value our employees. To conduct business, we sometimes use personal information relating to the workforce in the course of daily business transactions, support, and services. Northrop Grumman respects and is committed to protecting the confidentiality of every employee's personal information. To protect personal information, we will ensure that any data collected, stored, or maintained is handled in accordance with local and federal law, Safe Harbor Data Protection principles, and the highest ethical standards and business practices.

Northrop Grumman makes reasonable efforts to protect your personal information. Our privacy program and data security activities are governed by a number of policies and procedures. With respect to personal information about individuals ("data subjects") located in European Union (EU) countries, Northrop Grumman also adheres to a self-regulatory program that complies with the safe harbor privacy principles set forth in the July 2000 agreement between the EU and the United States Department of Commerce. All Northrop Grumman sites adhere to CO H403, Privacy of Employee Information, and CO H407, Safe Harbor Data Protection.

Personal Information Use

Northrop Grumman collects, processes, and stores personal information for the following purposes:

• Determining, evaluating, and implementing employment-related actions and obligations,
• Designing, evaluating, and administering compensation, benefits, and other human resources programs,
• Designing, evaluating, and implementing employment-related education and training programs,
• Monitoring and evaluating employee conduct and performance,
• Maintaining plant and employee security, and health and safety,
• Collecting and storing customer information,
• Making data subjects' names, images, and other items of business-contact information available by means of website posting, business cards, brochures, and other promotional media to Northrop Grumman's present and potential customers, suppliers, contractors, joint venture partners, other business associates, and employees,
• Maintaining business records relating to past, present, and potential customers, suppliers, contractors, joint venture partners, other business associates, and employees,
• Conducting auditing, accounting, financial, and economic analyses, and
• Facilitating business communications, negotiations, transactions, conferences, and compliance with contractual and legal obligations.

Safe Harbor

The Corporation has self-certified with the Department of Commerce Safe Harbor Program. The Safe Harbor Program incorporates Data Protection Principles, which govern the transmission and processing of personal information sent from EU member countries to the United States. Personal information is defined as any information or set of information that identifies an individual, excluding any publicly available information. Generally; there are two categories of personal information:

• Sensitive information, as defined in the European Commission Data Protection Directive is information about a data subject's medical or health condition, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexual lifestyle.
• Business contact personal information is defined in CO H407A and includes such data as full name, employee number, and business data such as title, mailing and email addresses, phone numbers and Cost center. This information does not require the same level of security as "personal sensitive information" referred to in CO No. J103A, Protection of Information Matrix.

Following are the seven Safe Harbor principles to which we subscribe:

1. Notice. Employees in EU countries will receive notice about the purposes for which information about them is collected and used.
2. Choice. Employees in EU countries have the right to opt-out of the use of their personal information for any purpose, which is incompatible with the business reasons listed above.
3. Onward Transfer. The Company may transfer personal information to third party agents if there is an agreement in place for the agent to abide by applicable Safe Harbor principles in the use or transfer of personal information of EU employees. In such case, notice and choice are not provided to the data subject unless the company intends the agent to use personal information for a purpose incompatible with the purpose for which it was collected. Notice and choice are provided to data subjects if the personal information is transferred to a third party who is not an agent of the company.
4. Access. Employees in the EU can request reasonable access to their personal information maintained in the U.S. by Northrop Grumman and will have the means to correct, amend or delete that information when it is inaccurate.
5. Security. Reasonable precautions must be taken to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
6. Data Integrity. Personal information must be relevant for the purposes for which it is being used, and the information must be reliable, accurate, complete and current for its intended use.
7. Enforcement. Northrop Grumman is committed to cooperating with the EU data protection authorities in the investigation of Safe Harbor compliance issues.

Information Protection

Northrop Grumman has in place appropriate administrative, physical, electronic, and business policies and procedures to safeguard information that is collected, used, or maintained in our systems to conduct operations. These general security measures are in place to prevent unauthorized access, disclosure, alteration, use, or destruction/loss of personal data. Our policies and procedures also include limiting confidential information to only authorized persons with a "need-to-know."

If you need to send or receive employee personal data, you must use reasonable security measures as defined in Corporate Procedure (CO) J103, Protection of Information, and CO J103A, Protection of Information Matrix. Reasonable security measures include the following actions:

• Identifying personal information requiring protection (e.g., Northrop Grumman Private/Proprietary I/II and Safe Harbor),
• Transmitting information with care (e.g., encrypt electronic transmittals, mail packages in sealed envelops/containers, and use a private venue for verbal exchange); electronic transmissions require special care. Northrop Grumman Private/Proprietary I and Safe Harbor sensitive personal information transmissions within the Northrop Grumman National Network (NGNN) are appropriately safeguarded; however, transmissions external to the NGNN require reasonable protection by using software encryption, password protection or other method prescribed in CO J103A.
• Storing personal information in a locked cabinet/office or secure data base, and
• Disposing of personal information with care (e.g., shred paper copies, and delete, overwrite, or destroy electronic copies).

Should you require assistance with information protection, contact your local security representative.

Privacy Statement

The purpose of our website Privacy Statement is to make you aware of our privacy practices and the choices you have about how your information is collected and used. The Privacy Statement applies to all Northrop Grumman websites. Should you access a non-Northrop Grumman website by a link that Northrop Grumman provided, you will then be subject to the privacy policy of the non-Northrop Grumman site. 

We have constructed most of our websites so you can visit them without identifying yourself or revealing any personal information. Many sites collect site statistical usage information and this usage information is summarized so that we can analyze how visitors use a particular site and improve its content, performance, and usefulness. However, none of this usage information contains personal identifiers. 

If you choose to provide us with personally identifiable information (such as name, email address, phone number, etc.), it will be used only for the purpose for which it is provided and within the guidelines outlined in the Privacy Statement and Northrop Grumman policies and procedures. For example, if you send an email with contact information, we will use that data only to provide service and support in reference to your original email. Completion of emails, forms, surveys and the like is voluntary, and aids us in qualitative analysis to improve service and customer satisfaction.

Questions/Concerns

Employees are encouraged to ask questions and seek assistance. You may contact your manager or HR representative for answers to general questions. If you have an inquiry or concern about safeguarding employee information or Safe Harbor data protection, contact the Ethics Office through your site Business Conduct Officer (BCO), or via the ethics OpenLine reporting process (U.S. toll-free 1-800-247-4952 or Europe - Zurich SW 0041 319 9251).

Copyright © Northrop Grumman. All rights reserved.