Data Protection Program

Data Protection Team

Eaton Vance’s data protection team includes dedicated staff in legal, compliance and information technology functions. Industry certifications represented on the data protection team include: Certified in Risk and Information Systems Control, Certified Information Systems Security Professional, Certified Information Systems Auditor and Certified Information Security Manager.

The Company’s data protection program is based on widely adopted standards, including the National Institute of Standards and Technology’s Risk Management Framework and Information Systems Audit and Control Association’s COBIT 5 Framework. This framework uses a risk-based approach, integrating security and risk management activities by understanding the risks on the application, infrastructure, process or data, and implementing the appropriate controls to protect against and mitigate the identified risks.

The Company’s data protection program includes policies, notices, procedures and guidance relating to the collection, usage and protection of confidential and restricted data. The Data Protection Notice and the Privacy and Security Notice provide detailed information on how Eaton Vance is committed to protecting the privacy and confidentiality of personal data in compliance with the applicable laws.

Awareness and Training

The Company’s data protection program incorporates an awareness and training program. All employees are required to complete security awareness training when they join the Company and on an annual basis. On a quarterly basis, social engineering and phishing email tests are conducted to verify that employees are identifying and responding appropriately to data security threats.

Back to Corporate Responsibility Overview