AT&T has a firm commitment to the privacy and security of our consumers’ and users’ data, as evidenced by our privacy policies and Code(s) of Business Conduct. Consumers are those individuals who purchase goods and services from AT&T or who subscribe to our services or interact with our websites, apps, content and games.
Consumers count on AT&T to deliver the best entertainment and communication experiences in the world. They also count on us to protect their information and respect their privacy. The AT&T Chief Privacy Officer (CPO) is responsible for overseeing and enforcing the company’s Privacy Principles, policies and commitments across all operating companies – regularly updating executive leadership and the AT&T Board of Directors through the Public Policy and Corporate Reputation Committee and the Audit Committee about privacy-related topics.
Our global privacy program is based on a set of principles that explain our commitments:
- Transparency. We’re open and honest about how we use your data.
- Security. We use strong safeguards to keep your data confidential and secure.
- Choice and control. We give you choices about how we use your data.
- Integrity. We do what we say.
AT&T is committed to compliance with all privacy laws and regulations in domestic and international markets where we operate. Our Privacy Center includes a Global Approach section, with links to details about our compliance with regulations in different geographic areas, such as the European Union, Brazil and New Zealand. This section is updated regularly when new privacy laws are enacted.
Because one of the best ways to protect privacy is to follow strong security practices, AT&T provides consumers with information on how to maintain privacy, safety and security in an increasingly connected world. For more information on the programs we offer, see our Responsible Use of Products & Services issue brief.
WarnerMedia’s advertising unit, Xandr, optimizes media spend across TV and digital properties for buyers and sellers. As part of our efforts to boost transparency, we offer an Online Advertising & Ad Tech Glossary to educate consumers on the advertising industry’s many technical terms. We ensure the data Xandr’s platform collects does not reflect names, email addresses or other information that directly identifies a user.
Championing Privacy within Our Business
AT&T employees are responsible for reviewing and adhering to the Code of Business Conduct, which codifies our core values and lays out the guidelines for how we do business, operate and interact with consumers, suppliers, communities and each other. The Code of Business Conduct specifically includes sections stating employees will “guard the privacy of our customers’ communications,” “protect the information about our customers that they entrust to us,” “work lawfully and in accordance with regulations that apply to us,” and “protect assets, confidential information and intellectual property.” We hold ourselves to the highest standards, and that means always doing the right thing. It also means operating with integrity, transparency and honesty in everything we do.
In addition, WarnerMedia employees are responsible for reviewing and adhering to the WarnerMedia Standards of Business Conduct. This set of standards states that employees “are obligated to protect the security and privacy of personal information collected by the Company, including information about our customers, employees and business partners. This includes adhering to privacy laws and policies, as well as any agreement between the Company and its customers and business partners.”
The Chief Privacy Office, led by the CPO, oversees and implements new privacy compliance programs in accordance with evolving international, federal and state legislation. The CPO sets the requirements and provides oversight of the business to ensure that consumers can exercise their individual rights under applicable privacy laws. The Chief Privacy Office partners with the business to provide employee training and awareness around these new laws. Our training and awareness programs provide all consumer-facing employees with the resources they need to support the company’s compliance with all privacy laws.
When new privacy laws are enacted, the Chief Privacy Office collaborates with the business to evaluate whether and how to update affected privacy disclosures, notices and policies. The Chief Privacy Office verifies the accuracy of our policies on an ongoing basis by consulting with the business regularly on our representations regarding our privacy processes and practices. For example, AT&T developed and implemented guidelines in support of our AI Principles and de-identification standards for data usage, which highlights our commitment to ethical and safe use of data.
WarnerMedia has a dedicated Privacy Center of Expertise, as well as its own Chief Privacy Officer. The WarnerMedia Privacy Center of Expertise works with AT&T’s Chief Privacy Officer to fulfill the same function noted above for WarnerMedia and Xandr.
Other privacy and security policies that support our core values include the AT&T Security Policy & Requirements, WarnerMedia Information Security Policies and Standards, WarnerMedia privacy policies and internal privacy guidelines based on privacy-by-design principles. AT&T has established technical, administrative and operational safeguards that are designed to make the information we collect and use secure. We safeguard data using a variety of approaches such as encryption, anonymization and other security controls. We also secure our network and limit access to consumer information within the company to those who have a business need. For more information, see our Network & Data Security issue brief.
In addition, privacy and security trainings are provided as required or recommended. Such training is offered throughout the year via AT&T and WarnerMedia’s internal platforms. Our annual compliance training for employees incorporates our privacy program and awareness. Additionally, the company’s annual Ethics@Work training incorporates privacy by covering how protecting consumer and employee privacy is a top priority. Overall, the company has elevated its internal awareness initiatives around privacy, such as a full slate of broadcast and digital programs and activities around global Data Privacy Day.
We work hard to safeguard the privacy of consumer and employee information. However, there are occasions when unauthorized parties attempt to gain access to our consumers’ or employees’ information. In partnership with stakeholders such as the AT&T Chief Security Office, our Corporate Compliance Office provides consistent oversight and guidance of privacy incidents, including periodic testing of incident response plans. The AT&T incident response teams follow a carefully designed governance structure and response process for these incidents, investigating suspected breaches and evaluating their potential impact. If we determine that a data breach has occurred, we will notify affected consumers and authorities as required by applicable law.
Additionally, we incorporate privacy into the development of new services and capabilities. When necessary, our advanced privacy protections have been reviewed by AT&T Labs and/or by external technical experts. They have expertise in data re-identification and other key topics, and they help AT&T set privacy-related guardrails that have a scientific and mathematical foundation. In addition, our involvement and leadership with leading privacy and business organizations – including The Conference Board, International Association of Privacy Professionals, and Future of Privacy Forum – enable us to share best practices and ensure that our privacy policies and programs maintain best-in-class status.
Privacy Advocacy and Stakeholders Engagement
We believe that open discussion across the industry – and with privacy advocacy groups, various government organizations and regulatory agencies – is the best way to reach agreement on consumer protections. We have participated in the Freedom Online Coalition’s Advisory Network and the Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines Experts Group. We also engage regularly with groups including Business Roundtable, the Center for Democracy and Technology, the Future of Privacy Forum, the Information Accountability Foundation, Access Now, Red en Defensa de los Derechos Digitales (R3D) and Article 19, and we are regular participants in RightsCon.
AT&T has also advocated for the adoption of federal consumer privacy legislation to create a unified regulatory regime for privacy, data security and breach notification, consistent with the standards developed and enforced by the Federal Trade Commission (FTC) over the past 20 years. We have participated in discussions convened by the U.S. Chamber of Commerce, the Center for Democracy and Technology, the Information Accountability Foundation and others aimed at reaching agreement on the principles that should form the foundation of a federal consumer privacy law.