Privacy and Security Programs

Companywide commitment to privacy and security

Korn Ferry’s Privacy and Security Programs

Trust is the cornerstone of our relationships with clients, individuals and the public. When you provide information to us, you expect that we will keep that information secure and comply with applicable data protection laws and regulations. We take this responsibility very seriously and are continuously evolving our Privacy and Security programs to address data protection and privacy laws around the world, including compliance with the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

In preparation for the GDPR and in advance of certification for compliance with two International Organization for Standardization (ISO) standards, we partnered with teams of internal and external privacy and cybersecurity professionals to enhance our operations. We vetted our tools and technologies to identify opportunities for improvement. We updated policies and procedures to better safeguard your data within Korn Ferry. We also updated our existing risk assessment processes and continue to evaluate our current and new third-party service providers to help ensure that your data is adequately protected by our subprocessors.

While we don’t have the space to detail everything that Korn Ferry has done to improve and mature its Privacy and Security programs, here are highlights of some of our activities:

International Organization for Standardization (ISO) Standards

Korn Ferry has been certified by the British Standards Institute (BSI) for compliance with ISO/IEC 27001:2013 and ISO/IEC 27018:2014 for key technology platforms and processes. Certification to these internationally recognized standards demonstrates Korn Ferry’s commitment to best practice information security methods, compliance with globally recognized standards, and the maturity of our global privacy and security programs.


Embedding Privacy into Operations: Reviewing and Updating Policies and Procedures

Complying with the GDPR requires organizations to rethink the way that business is done. Korn Ferry continually examines its data collection, use, transfer, disclosure, and disposal policies and procedures to ensure ongoing compliance with data protection laws and ISO standards.

Embedding Privacy into Operations: Data Subject Rights

Under many data protection laws, data subjects have the right to access, correct, erase, object to, or restrict processing of their personal data. Korn Ferry has updated its internal policies and procedures to help ensure that we respond appropriately to data subject requests.

Reporting on Data Breaches

Korn Ferry has updated its data breach response procedures to help ensure that breaches are promptly discovered, contained, and remediated, and that notice may be provided to relevant Supervisory Authorities and affected data subjects in a timely and compliant manner.

Updating Tools and Technology

Recognizing that data is only as secure as the tools and technologies that manage it, Korn Ferry has made an ongoing commitment to deploy security tools and technologies so that we continue to appropriately protect our clients’ personal data. We are also transitioning certain key technology platforms so more of our offerings can be hosted from European locations.

Updating Privacy Notices for Transparency

A common principle across many data protection laws is the need for transparent communication of data collection, use, disclosure, and disposal practices. Korn Ferry has updated its Global Privacy Policy to provide you with the information you need to understand how we’re using your data and how you can exercise your rights.

Revamping Privacy Training Programs

Korn Ferry takes privacy and security very seriously. We have overhauled our privacy training programs to ensure that our employees know how to handle your data and treat it in the same manner as if it were their own information.