Privacy

Our 2010 Commitment: GE planned to continue to enhance its processes for reviewing and updating Information Governance and Privacy policy in relation to new opportunities and challenges continually being presented in our efforts to provide the Company and its employees the tools needed to work productively and compliantly, and to keep GE Information safe. GE also planned to continue taking an active role in public discourse on Privacy policy and issues of importance in a world of evolving technology. Finally, GE planned to share more information on privacy in relation to electronic health records (EHR) systems offered as GE Healthcare products, and for use in GE’s employee clinics.

In 2010, GE and its Information Governance and Privacy practices continued to expand on their commitment to information governance and privacy as a core value for employees, partners and customers, taking responsibility as a thought leader on these topics both within GE and externally.

Operationally, the GE Privacy practice group continued to focus on the key elements of its data protection program—people, policies, processes and technology—making strides in each of these areas. Importantly, in September 2010, an updated version of the long form The Spirit & Letter policy was published, entitled Privacy and the Protection of GE Information. The updated policy expands the scope of the previous Privacy policy to address matters of increasing importance to the Company, including Document Management and the responsible use of online resources, and to take into account evolving law and technology in the Information Governance and Privacy realms. This policy update will be more broadly communicated with the planned 2011 publication of a summary version easily accessible to GE’s employees and partners. Additional standards and implementing guidelines that support the Privacy and the Protection of GE Information Spirit & Letter policy are being refreshed in 2011; one key update will be to The Acceptable Use of GE Information Resources, which details the rules and considerations GE employees and partners must understand with regard to the use and protection of GE Information and GE Information Resources.

Excerpt – The Spirit and the Letter: Privacy and the Protection of GE Information

Issued: September 2010. Supersedes October 2000

What to know

In today’s digital world, information can be shared, stored and accessed in a wider variety of ways than ever before. Whether proprietary information about business plans and operations, or confidential information about employees, customers and suppliers, GE Information is one of the Company’s most valuable assets, and must be used and protected in an appropriate manner. The collection, use and protection of information are often regulated. GE is committed to handling information responsibly and in compliance with applicable information security, privacy and other laws.

This responsible handling of GE Information is called Information Governance. Information Governance comprises the set of policies, guidelines and procedures relating to the creation, use, protection and disposal of GE Information Resources. This Spirit & Letter policy establishes the principles of Information Governance, and is supported by guidelines and procedures described below, as well as other Spirit & Letter policies that involve specific types of personal and business information.

In the people-focus area, work was begun to assess privacy resources across GE, both at business and regional/country levels; work to enhance resources where needs are identified will continue into 2011. In 2010, two expert resources were added to the Corporate Privacy team, including our European Privacy Counsel. Each of these additions will help GE to achieve its Privacy goals in 2011 and beyond.

In the process and technology realms, Information Governance Committee and Leadership teams, which include senior leaders drawn from across Legal and IT practice areas and all GE businesses, continued to meet and review new uses of information and new technology developments. In 2010, the team addressed several initiatives of critical importance to protecting the security of GE and GE Information. Additionally, the Privacy team has partnered with other GE teams to champion the advancement of initiatives of great value and interest both to GE employees and the communities in which they live and work, such as the HealthAhead campaign, which has designed a variety of interactive portals and programs to benefit employee and family health; these efforts will continue into 2011 with the rollout of additional exciting features and opportunities for employee and family engagement. The GE Employment Data Protection Committee also worked in 2010 to help facilitate the compliant implementation of EHR systems in certain GE employee medical clinics; this work will continue into 2011 as the Company seeks to provide a meaningful combination of provider and employee utility, and employee privacy in these systems.

In the area of public policy, GE’s Information Governance and Privacy teams also worked within industry coalitions to comment on proposed updates to the EU Data Protection Directive, and participated directly in dialogues with the U.S. Department of Commerce on proposed U.S. federal privacy frameworks. Additionally, the GE team contributed to two extremely well-received whitepapers (“Operationalizing Privacy by Design: The Ontario Smart Grid Case Study” and the State of New York Public Service Commission’s “Proceeding on Motion of the Commission to Consider Regulatory Policies Regarding Smart Grid Systems and the Modernization of the Electric Grid”) addressing evolving technologies and the uses of personal information in the Smart Grid. These projects have helped foster dialogue among utilities, regulators and other key industry stakeholders about their roles in advancing consumer privacy in product and grid design and operation.

Excerpt–The State of New York Public Service Commission’s “Proceeding on Motion of the Commission to Consider Regulatory Policies Regarding Smart Grid Systems and the Modernization of the Electric Grid”

Privacy has emerged as a hot-button topic among consumer advocates, regulators and even policymakers, as the vast new data flows created by the smart grid create questions around how best to ensure the protection of consumers’ personal information. While utilities have a long history of managing such information, they will need to develop new processes that cover the proliferation of consumer-specific technical data, such as highly granular energy usage and pricing data.

As utilities craft measures to address privacy, GE believes the first step is to put in place a secure end-to-end communications and applications infrastructure. Without security there can be no privacy. Once a secure environment exists, and prior to the implementation of Advanced Metering Infrastructure (AMI) programs, privacy policies should be further developed and refined.

In the area of product use and design, in 2010 GE Healthcare pursued and received certification as a Certified EHR Technology under the American Recovery and Reinvestment Act (ARRA) for its Centricity Advance, Centricity Electronic Medical Records (EMR) and Centricity Practice Solution products. This certification required GE Healthcare’s EMR products to demonstrate capabilities to satisfy each privacy and security criterion where technically feasible. In 2011 GE Healthcare will continue its dedicated efforts to anticipate customer data protection needs and expectations in product and services development.

GE personnel also continue to actively participate in the International Association of Privacy Professionals (IAPP) and other key privacy organizations and conferences. GE’s senior counsel for Information Governance and Privacy, Nuala O’Connor Kelly, served as president of the Board of Directors of the IAPP for 2010 and will continue to serve on that board in 2011. GE also actively participates as a member of international privacy groups such as the Global Privacy Alliance, the Future of Privacy Forum, and TechAmerica.

GE looks forward to continuing to advance its Information Governance and Privacy goals in 2011 and beyond, sharing and building upon its leadership experience in the responsible collection, use and protection of information assets.