AT&T has a firm commitment to the privacy and security of our customers and users, as evidenced by our privacy policies and Code(s) of Business Conduct.
Customers count on AT&T to deliver the best entertainment and communication experiences in the world. They also count on us to protect their information and respect their privacy. AT&T’s Chief Privacy Officer (CPO) is responsible for overseeing and enforcing the company’s privacy principles, policies and commitments across all affiliated companies.
Our global privacy program is based on a set of principles that explain our commitments:
- Transparency. We’re open and honest about how we use your data.
- Security. We use strong safeguards to keep your data confidential and secure.
- Choice and control. We give you choices about how we use your data. This includes the ability to opt in for some programs and say no to others.
- Integrity. We manage data in a respectful, deliberate way to maintain the trust placed in us. We do what we say.
Because one of the best ways to protect privacy is to follow strong security practices, AT&T provides customers with information on how to maintain privacy, safety and security in an increasingly connected world. For more information on the programs we offer, see our Responsible Use of Products & Services issue brief.
- Championing Privacy within Our Business
AT&T employees are responsible for reviewing and adhering to the Code of Business Conduct. It’s the codification of our core values, and it lays out the guidelines for how we do business, operate and interact with customers, suppliers, owners and each other. We hold ourselves to the highest standards, and that means always doing the right thing. It also means operating with integrity, transparency and honesty in everything we do.
The AT&T CPO leads a dedicated team that manages the AT&T global privacy program. Protecting customer privacy is the responsibility of every employee at AT&T, but the CPO is dedicated to making sure our privacy policies accurately reflect our privacy commitments. The CPO regularly updates senior leadership and the AT&T Board of Directors on privacy-related issues. Additionally, we incorporate privacy into the development of new services and capabilities, and our advanced privacy protections in many cases have been reviewed by AT&T Labs and/or by external technical experts such as our Data Advisory Board — a group of leading experts from academia and consulting who collaborate and consult with our internal experts on the implications and risks of emerging technology. They have expertise in re-identification and other key topics, and they help AT&T set privacy-related guardrails that have a scientific and mathematical foundation.
Further, AT&T has additional privacy and security policies that supplement our core values. These policies include the AT&T Security Policy & Requirements; the Data Management Policy/Committee, which governs/reviews third-party data-sharing proposals; and privacy policies and internal privacy guidelines based on Privacy-by-Design principles. AT&T has established technical, administrative and operational safeguards that are designed to make the information we collect and use secure. We safeguard data using a variety of approaches such as encryption, anonymization and other security controls. We also secure our network and limit access to customer information within the company to those who have a business need. In addition, privacy and security trainings are provided as required or recommended. Such training is offered throughout the year via AT&T internal platforms.
AT&T works hard to safeguard the privacy of customer and employee information. Despite our best efforts, there are occasions when unauthorized parties attempt to gain access to our customers’ information. In partnership with stakeholders such as the AT&T Chief Security Office, our Corporate Compliance Office provides consistent oversight and guidance of privacy incidents. The AT&T incident response teams follow a carefully designed governance structure and response process to these incidents, investigating and ensuring that any necessary remediation, reporting or notification if appropriate is handled in accordance with defined incident-response protocols.
- Engaging with Stakeholders on Privacy
We believe that open discussion across the industry — and with privacy advocacy groups and various government organizations and regulatory agencies — is the best way to reach agreement on consumer protections. We participate in the Freedom Online Coalition’s Advisory Network and the OECD Privacy Guidelines Experts Group. We engage regularly with groups including the Center for Democracy and Technology, the Future of Privacy Forum, the Information Accountability Foundation, Access Now, Red en Defensa de los Derechos Digitales (R3D) and Article 19, and we are regular participants in RightsCon.
- Privacy Advocacy
AT&T is a member of the Digital Due Process Coalition, where we work with other U.S. companies, privacy advocates, and think tanks to advocate for the simplification, clarification and unification of the legal standards in the Electronic Communications Privacy Act, while preserving tools for government agencies to enforce the laws, respond to emergencies and protect the public.
AT&T has also advocated for the adoption of federal consumer privacy legislation to create a unified regulatory regime for privacy, data security and breach notification, consistent with the standards developed and enforced by the Federal Trade Commission (FTC) over the past 20 years. We have participated in discussions convened by the U.S. Chamber of Commerce, the Center for Democracy and Technology and others aimed at reaching agreement on the principles which should form the foundation of a federal consumer privacy law.
Information for Warner Media and Xandr are not included in this brief, except where specifically referenced. Since the acquisition of WarnerMedia in June 2018 and the launch of Xandr in September 2018, we are continuing to integrate operationally and through our CSR reporting.
More Governance Issue Briefs