Data Governance Guidelines

For HealthCare Employees

1
Data Governance Guidelines For HealthCare Employees
On Day 1 of HealthCare Separation: Before Day 1 of HealthCare Separation:

HealthCare employees will have access to content Each HealthCare employee must remove or transfer
stored in the following locations: any content in their accounts or assets that are not
▪ GE Email Account required and related to the HealthCare business.

▪ Endpoint Devices (laptop, desktop, tablet, ❑ HealthCare employees should not store or retain
phone) any information collected as an employee of GE
that is not required for your role with HealthCare.
▪ Box and GE Library folders
❑ Use this guide to determine if information in your
▪ Mapped drives and system access control should be kept, transferred or deleted.

Failure to comply with these guidelines could expose both GE and GE Healthcare to legal and operational risk and
therefore may result in disciplinary action as applicable.

2
Data Governance Guidelines For HealthCare Employees
Any non-personal data not related to your HealthCare role is the property of GE. If the data is no longer required, then you
must delete the data. If another GE department or business requires the data, you must transfer it to the appropriate employee,
department or business unit before Day 1.

Getting Started:

Submit the compliance

Locate the data stored on
Create a separate dedicated Thoroughly review the stored acknowledgment form in
your endpoint devices, on
folder for your personal data alongside the guidelines Workday stating you have
the cloud in your account
items so you can easily outlined in this document. performed the review and the
**, and Box/GE Library
identify its location and move Transfer or delete content required steps.
folders exclusively owned or
if necessary. where needed. Click the “Submit” button in the Doc
used by you.
and Policy tool

Some transferred data will have authorization restrictions to protect sensitive GE information. The Compliance team will periodically audit a sample
group of employees as a safety precaution. Contact your business Compliance Leader Colleen Schmitt (SSO ID: 212022442) if you have questions

** Account includes: folders on your laptop, computer, historic outlook (*.pst) folders you saved on your device; your Outlook Inbox/Sent items/Deleted
items/Outbox folders (*.ost);

3
Data Governance Guidelines For HealthCare Employees
Data You Can Keep – No Need To Delete*

Personnel information : Healthcare related data: If you are a manager: Other Data:

• EMSs, your resume • Correspondence • Correspondence • Correspondence or photos

• Pay and other compensation
information; personal financial
information
• Retirement, health and other
benefits information &
enrollments
• Awards/Rewards, recognition
letters
• Training Certificates
• Forms/Reports/PPT’s – • Data relating to your team
Working materials members who are transferring
• Non-Critical Business with you
Information Note: You cannot keep any data from
your previous team members that
were in a different GE business unit,
members that have left GE or are
currently members of your team but
not moving transferring with you.
These correspondences may contain
personal information such as
performance reviews, personal
identifiable information or salary
information and cannot be
transferred
that are purely social/family
related
• Personal music files
• Public information: e.g.,
whitepapers, articles
Note: GE has Legal, Tax, Accounting
and regulatory requirements to retain
certain documents for a defined
period. Check the Retention
Schedules - Global Operations. If you
have any of related documents or
files, please ensure they remain
available for GE

If you have been informed there is a LEGAL HOLD on your data, please contact your Legal team to understand what actions you need to take on your data.

* Always subject to business guidelines & local laws 4

Data Governance Guidelines For HealthCare Employees
Data You Cannot Keep – Have To Delete/Relocate
Any documents and data that are not related to Healthcare — whether created by you or someone else — and are not related
to the role or activity you are currently working on or are transferring to, including: Please Note:

Review before you Delete! Some

Data from previous GE roles with no connection w/ your current role – this might contain privileged, Highly Confidential or information might be under Legal
Intellectual Property-related information, correspondence with Customers Hold (contact Legal)

Non-GE information: 3rd party vendor information protected by Confidentiality agreements, NDAs, export-controlled data
If you have been informed there is a
LEGAL HOLD on your data, please
contact your Legal team to
Legal advice or any legally privileged material (Contact Legal aligned to your function to determine if something is legally understand what actions you need
privileged) to take on your data.

If you possess any non-HealthCare data

that you believe should be retained
If you are a manager - any performance reviews for any current or previous non-HealthCare employees not transferring with you due to regulatory or on-going project
work, it must be transferred to GE
storage location. Only after safe
relocation of data should it be deleted
from your device - see next page
Any information or contracts regarding negotiated rates for services / software

5
Data Governance Guidelines For HealthCare Employees
Keep, Relocate or Delete? - Decision Tree

Public information allowed,

Personal Material? NO Related to the current NO NO for other (Non-GE)
(pictures, photos, music, role or activity you are Related to your previous materials relevant
own EMS, award, transferring with? GE roles ? proprietary rules and
recognition) restrictions apply.

YES YES YES

You can transfer, no need to delete You can transfer, no need to delete
from your devices – BUT(!):
STEP 1 STEP 2
from your device or personal folders
Make sure you make You CANNOT
it available for GE if transfer, have to
Retention DELETE from end
requirements apply device and from
If access & path to working to the information your personally
library / folder is known to NO Is the access path to the owned folders
Function as a record data known only to you?
location – no additional (not known by the LEGAL HOLD
steps needed team/function) As noted previously – if
you are on Legal Hold,
Identify current owner(s) and contact Legal to
YES identify what actions
transfer to them. If
unsuccessful, upload HERE: you must take!
Ask and agree w/your Manager, where to upload - to a
http://supportcentral.ge.com/*
team working folder / system of record, so that
HealthcareRemainCoDataRepo,
location should be known (not only to you!) - or share
by creating a new folder for
path of current location so that location/ source
your SSO
should be known to GE
6
Scenarios: Data You Have To Move From Your Device or Personal Folders to GE System of Record, Box/Libraries
All non-personal data that was created during your GE tenure is considered the property of GE. Before you delete or clean the data from your device, ensure the
authentic copy is placed in the appropriate GE location(s) to be available to present at future audits and reviews.

Materials from previous roles - only you have the authentic copy (original record) and Materials from current roles - only you have the authentic copy (original record) and
only you have access to it only you have access to it

Scenario: You worked for another Business and you stored contracts, email- Scenario: You work for Sourcing and you saved contracts, email-exchanges on
exchanges that you saved on your device or in your personal Outlook, Box, your device or in your personal Outlook, Box, Libraries folder. These materials
Libraries folder. These materials do not exist elsewhere. You own authentic do not exist elsewhere. You own authentic copies that might be required for
copies that might be required for future reviews, audits or investigations. future reviews, audits or investigations.

Action: Action:
1. Preferred: Reach out to the owning organization & agree on a location 1. Reach out to your manager
where you upload (Provide access details to new owner)
2. Agree on a location where you upload (system of record, team folder)
2. If you can’t identify a contact – upload here by creating a folder with
your SSO and the relevant business as a subfolder: 3. Provide access details to manager
http://supportcentral.ge.com/*HealthcareRemainCoDataRepo Help
with Transferring Files Documentation
4. Although you can keep it on your device, make sure it is available to
your function – not only to you!
3. After uploaded, delete from device or personal folder

As a principle – you should not store work-related GE information on your devices, it should be placed into a GE authoritative system record or located in GE Box, library folders
identified by your respective function.

If you have been informed there is a LEGAL HOLD on your data please contact your Legal team to understand what actions you need to take on your data.
7
Common Questions
❑ Do I need to review everything in my email?
Yes. Any personal or GE business correspondence may be kept, and all other emails should be deleted. Any non-personal data not related to your current
business is the property of GE and should be deleted. * Please remember you are responsible for the data that is stored on your pc, email folders and box
folders.
❑ I have email PSTs that contain multiple years of information. Do these need to be reviewed?
Yes. It is common that users store historical emails in PSTs and the same rules apply, only personal or GE business correspondences can be transferred out of
GE.* (Creating and Transferring PSTs process Windows OS.)
❑ Can I keep recognition emails from previous roles?
Yes. You can retain any correspondences pertaining to awards or recognitions.
❑ As a manager, can I keep emails related to my current team(s) in HealthCare?
Yes. If your current team members are all moving to the NewCo. and you will retain your organization, then yes, you can keep these correspondences.
❑ As a manager, can I keep emails related to my previous team(s) not in HealthCare?
No. For previous teams that were in a different GE business unit, members that have left GE or are current members not moving to the NewCo., you cannot
retain any correspondences. These emails may contain personal information such as performance reviews, personal identifiable information or salary
information and cannot leave GE.
❑ Can I keep a copy of change tickets or request tickets that I have received in the past?
Yes. You can keep these notifications.
❑ Do I need to review everything on my GE endpoint (laptop, desktop)?
Yes. Any personal data (photos, music, etc.) or GE business data you may keep, but be aware of any restrictions on the amount of personal information you
can store on your endpoint. Any non-personal data not related to your current business is the property of GE and should be deleted or if still required,
transferred to a GE employee.*
❑ I have data on Box, fileservers or mapped drives, do these need to be reviewed?
Yes. Any data that you manage must be reviewed prior to it being migrated out of GE. Any personal data (photos, music, etc.) or GE business data ,you may
keep. Any nonpersonal data not related to your current business is the property of GE and should be deleted or if still required, transferred to a GE
employee.*
* If you have been informed there is a legal hold on your data please contact your legal team to understand what actions you need to take on your data.
** Any one on a legal hold will be notified by the GE legal team.