The AT&T Issue Brief Library

Our issue briefs provide a summary of key topics. Download all issue briefs for a comprehensive overview, or use our issue brief builder to generate a customized PDF download with your selected topics. 

Protecting Privacy

Materiality Assessment Topic: Customer privacy | Global Reporting Initiative Standard Disclosures: 418-1, Customer Privacy MA

Issue Summary

Privacy is a critical and sensitive issue. In an increasingly sophisticated data environment, businesses can use customer data to offer better and more relevant products and services. This should be done in a way that respects a customer’s desired level of privacy.

Our Position

Customers count on AT&T to deliver the best entertainment and communication experiences in the world. They also count on us to protect their information and respect their privacy. We take customer privacy very seriously. Our customers have choices about how we use their information. We are committed to transparently communicating our privacy policies to our customers in plain language, and this all starts with the AT&T Privacy Policy at

Our Action

The AT&T Privacy Policy explains how we collect, use and protect customer information. The policy is designed to provide transparency into our privacy practices in a format that is easy to read, understand and navigate through various choices.

The AT&T Privacy Policy web experience can be found at, and these pages feature an easy-to-read summary of the policy. The pages are also optimized for use from mobile devices, and our policy is hyperlinked from every webpage that is governed by its terms. Other AT&T privacy policies associated with AT&T apps and loyalty programs are accessible directly from the apps and through other appropriate means.

Customers can send questions or feedback on our Privacy Policy at any time, either by emailing or writing us at AT&T Privacy Policy, Chief Privacy Office, 208 S. Akard St., Room 1033, Dallas, TX 75202.

Championing Privacy within Our Business

AT&T is committed to protecting our customers’ privacy and keeping customers’ personal information safe. All AT&T employees are responsible for reviewing and adhering to the AT&T Code of Business Conduct. This code is the codification of our AT&T core values, and it lays out the guidelines for how we do business, operate and interact with customers, suppliers, owners and each other. We hold ourselves to the highest standards, and that means always doing the right thing. It also means operating with integrity, transparency and honesty in everything we do.

AT&T has privacy and security policies that supplement our core values. These policies include the AT&T Security Policy & Requirements; the Data Management Policy/Committee, which governs/reviews third-party data-sharing proposals; and the AT&T Privacy Policies and internal privacy guidelines based on Privacy-by-Design principles. AT&T has established technical, administrative and operational safeguards that are designed to make the information we collect and use secure. We safeguard data using a variety of approaches such as encryption, anonymization and other security controls. We also secure our network and limit access to customer information within the company to those who have a business need. In addition, privacy and security trainings are provided as required or recommended, and such training is offered persistently throughout the year via AT&T internal websites. AT&T also makes relevant privacy and security information available to employees through various means, including internal websites and company communications. For example, AT&T has dedicated web interfaces for employees to ask questions about privacy/security and engage the appropriate team for reviews. Supplementary privacy/security guidance materials are also provided on an as-needed basis, depending on the nature of the data processing by specific group or role within the company. Employees are also provided privacy and security awareness communications, such as Data Privacy Day and the Chief Security Office’s (CSO) Awareness Program, which is an enterprise-wide information security initiative designed to enhance awareness and educate all employees about the security and business best practices for protecting AT&T information assets and data.

AT&T works hard to safeguard the privacy of customer and employee information in today’s digital world. Despite our best efforts, there are occasions when unauthorized parties gain access to our customers’ information. In partnership with stakeholders such as the AT&T Chief Security Office, the Corporate Compliance Office provides consistent oversight, investigation, guidance and reporting of privacy incidents. The AT&T Privacy Incident Response Team follows a carefully designed governance structure and response process to these incidents, investigating and ensuring that any necessary remediation, reporting or notification is handled in accordance with the AT&T incident-response protocol.

The Chief Privacy Officer (CPO) leads a dedicated team that manages the AT&T global privacy program, privacy-use cases and privacy policies. Protecting customer privacy is the responsibility of every employee at AT&T, but the CPO is particularly charged with ensuring that our privacy policies accurately reflect our privacy commitments and are in-line with industry standards. The CPO regularly updates senior leadership on privacy issues. Additionally, we incorporate privacy into the development of new services and capabilities, and our advanced privacy protections in many cases have been reviewed by AT&T Labs and/or by external technical experts on our Data Advisory Board.

Consumer Privacy Education and Outreach Initiatives

Especially in a data-driven world, consumers need education about the privacy implications of various data practices so that they can make informed decisions about the trade-offs involved. AT&T supports the continued need for consumer education and awareness, which is a hallmark of our privacy program. AT&T educates consumers on privacy and security, and builds awareness of data collection/use practices and the consent tools that control them. For example:


  • Choices & Controls: AT&T puts customers in control by listing consent choices on a dedicated webpage. These choices pertain to how we contact them and how we use/share their information. For example, these choices include whether information is used/shared to receive relevant and personalized advertising that is more tailored to personal interests; whether information is included in aggregate reports that provide consumer insights to business customers; and whether information is shared with third parties for services that consumers sign up for, such as fraud prevention and identity services. See Your Rights and Choices for more information.
  • AT&T Smart Controls: Our Smart Controls website provides comprehensive access to information about expert resources and tips designed to help customers manage their technology choices and address safety concerns when using of our products and services. Specific Smart Controls tools include free anti-virus software tools for computer testing and premium ConnecTech services that are available for an additional fee.
  • AT&T Internet Security Suite: AT&T helps consumers protect their computers and devices from malware, viruses and hackers. Visit the AT&T Security Suite to learn more.


Cyber Aware

AT&T provides security tips to protect consumers from fraud and guard against identity theft through Cyber Aware, a website to help customers learn about email and text scams, spam and identity theft, and learn to recognize and prevent cybersecurity threats. Cyber Aware ties privacy and security together because one of the best ways to protect one’s privacy online is to follow the best security practices. The goal is to create resources that are detailed enough to be helpful, but simple enough to be inviting.

Digital You®

Digital You® is a resource that provides parents, youth, digital newcomers, people with disabilities, and community leaders with information on the devices they use and how to maintain privacy, safety and security in an increasingly connected world. The website was developed in collaboration with national and local organizations, and addresses topics for all ages, such as preventing cyberbullying, managing your online presence, protecting your computer and data, and parenting in the digital age.

To create materials for the Digital You website, we worked with Common Sense Media, LGBT Tech, National Consumers League, iKeepSafe, Family Online Safety Institute, and other experts in online safety, senior technology education, accessibility and LGBTQ issues.

For more information on the programs we offer, see our Promoting Safe Use of Product and Services issue brief 

Engaging with Stakeholders on Privacy

We believe that open discussion across the industry—and with privacy advocacy groups and various government organizations and regulatory agencies—is the best way to reach agreement on consumer protections. We participate in a wide range of industry and multi-stakeholder discussions on various privacy issues.

Privacy Advocacy

Customers count on AT&T to deliver the best entertainment and communication experiences in the world. They also count on us to protect their information and respect their privacy. The privacy of AT&T customers around the world is of paramount importance to us, and we work hard to earn and maintain customer trust. AT&T joins other technology companies and public interest groups in advocating for limits on the government’s ability to obtain customer communications stored abroad. AT&T believes that law enforcement should respect the laws of other countries and work through established treaties and that U.S. law enforcement must demonstrate a clear relationship between the customer or content and the U.S. before obtaining content stored abroad. Our country’s respect for international data-protection standards will help ensure that the privacy interests of Americans are also respected by other countries. Advocating this view, AT&T filed a brief1 in the Second Circuit Court of Appeals and supported a proposed law known as the International Communications Privacy Act (ICPA).


1Brief of Amici Curiae AT&T Corp., et al., Microsoft Corp. v. U.S.A., Civil Action No. 14-2985-CV, 2014 WL 7213180 (2d Cir. Dec. 15, 2014)

Updated on: Nov 20, 2018