AT&T has a firm commitment to the privacy and security of our consumers’ and users’ data, as evidenced by our privacy policies and, as the Corporate Governance issue brief refers to, our AT&T Code of Business Conduct. When we say/use the term “consumer,” we’re referring to those individuals who purchase goods and services from AT&T or who subscribe to our services or interact with our websites, apps, content and games.
Consumers count on AT&T to deliver the best entertainment and communication experiences in the world. They also count on us to protect their information and respect their privacy. The AT&T Chief Privacy Officer (CPO) is responsible for overseeing adherence to the company’s Privacy Principles, policies and commitments across all operating companies and reports to the AT&T Chief Compliance Officer (CCO). The CPO and CCO update executive leadership and the AT&T Board of Directors about privacy-related topics by presenting to committees of the Board of Directors, such as the Governance and Policy Committee and Audit Committee.
Our global privacy program is based on a set of principles that explain our commitments:
- Transparency. We’re open and honest about how we use your data.
- Security. We use strong safeguards to keep your data confidential and secure.
- Choice and control. We give you choices about how we use your data.
- Integrity. We do what we say.
In keeping with our transparency principle, AT&T publishes a biannual Transparency Report in which we provide a comprehensive list and narrative of the legal demands to which we must respond including the number and types of demands, those that were partially or completely rejected, demands for location information, exigent requests, and international demands. Our commitment to the law and our Privacy Principles is reflected in our comprehensive, voluntary reporting to the public of this information.
AT&T is committed to compliance with applicable privacy laws and regulations in domestic and international markets where we operate. The AT&T Communications Privacy Center includes a Global Approach section, which details our compliance with regulations in geographic areas throughout the world. We have identified the common elements of numerous privacy laws and extended these to support our products and services around the world. We also account for unique, additional or variant aspects of the laws of each country in which we offer services.
Because one of the best ways to protect privacy is to follow strong security practices, AT&T provides consumers with information on how to maintain privacy, safety and security in an increasingly connected world. For more information on the programs we offer, see our Responsible Use of Products & Services issue brief.
Championing Privacy within Our Business
AT&T Communications and AT&T Mexico employees are responsible for reviewing and adhering to the Code of Business Conduct, which codifies our core values and lays out the guidelines for how we do business, operate and interact with consumers, suppliers, communities and each other. The Code of Business Conduct specifically includes sections stating employees will “guard the privacy of our customers’ communications,” “protect the information about our customers that they entrust to us,” “work lawfully and in accordance with regulations that apply to us,” and “protect assets, confidential information and intellectual property.” We hold ourselves to the highest standards, and that means always doing the right thing. It also means operating with integrity, transparency and honesty in everything we do.
AT&T’s Chief Privacy Office oversees and implements new privacy compliance programs in accordance with evolving international, federal and state legislation. The Office sets the requirements and provides oversight of the business to ensure that consumers can exercise their individual rights under applicable privacy laws. The Chief Privacy Office partners with the business to provide employee training and awareness around these new laws. Our training and awareness programs provide consumer-facing employees with the resources they need to support the company’s compliance with all privacy laws. When new privacy laws are enacted, the Chief Privacy Office collaborates with the business to evaluate whether and how to update affected privacy disclosures, notices and policies. The Chief Privacy Office verifies the accuracy of our policies on an ongoing basis by consulting with the business regularly on our representations regarding our privacy processes and practices. Further, the Chief Privacy Office collaborates with the business to address new and emerging issues in technology and data privacy. For example, AT&T developed and implemented guidelines in support of our AI Principles, biometrics,. sensitive data and de-identification standards for data usage, which highlights our commitment to the ethical and safe use of data.
Other privacy and security policies that support our core values include the AT&T Security Policy & Requirements and internal privacy guidelines based on privacy-by-design principles. AT&T has established technical, administrative and operational safeguards that are designed to make the information we collect and use secure. We safeguard data using a variety of approaches such as encryption, anonymization and other security controls. We also secure our network and limit access to consumer information within the company to those who have a business need. For more information, including details about our free apps and initiatives that have led to AT&T now blocking or labeling more than 1 billion robocalls per month, see our Network & Data Security issue brief.
While we work hard to safeguard the privacy of consumer and employee information, there are occasions when unauthorized parties attempt to gain access to our consumers’ or employees’ information. In partnership with stakeholders such as the AT&T Chief Security Office, our Corporate Compliance Office provides oversight of privacy and security incidents, including periodic testing of incident response plans. The AT&T Incident Response team follows a carefully designed governance structure and response process for these incidents, investigating suspected breaches and evaluating their potential impact. If we determine that a data breach has occurred, we notify affected consumers and authorities as required by applicable law.
Additionally, we incorporate privacy into the development of new services and capabilities. When necessary, our advanced privacy protections have been reviewed by AT&T’s Chief Data Office scientists and/or by external technical experts. With their expertise in data re-identification and other key topics, they help AT&T set privacy-related guardrails that have a scientific and mathematical foundation.
In addition, our involvement and leadership with leading privacy and business organizations – including the Conference Board, Information Accountability Foundation, International Association of Privacy Professionals and Future of Privacy Forum – enable us to share best practices and ensure that our privacy policies and programs maintain best-in-class status.
Privacy Advocacy and Stakeholders Engagement
We believe that open discussion across the industry – and with privacy advocacy groups, various government organizations and regulatory agencies – is the best way to reach agreement on consumer protections. We have participated in the Freedom Online Coalition’s Advisory Network and the Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines Experts Group. We also engage regularly with groups including the Business Roundtable, the Center for Democracy and Technology, the Future of Privacy Forum, the Information Accountability Foundation, Access Now, and Article 19, and we are regular participants in RightsCon, which serves to provide the company with analysis, insights and trends on our privacy policies and initiatives.
AT&T has also advocated for the adoption of federal consumer privacy legislation to create a unified regulatory regime for privacy, data security and breach notification, consistent with the standards developed and enforced by the Federal Trade Commission over the past 20 years. We have participated in discussions convened by the U.S. Chamber of Commerce, the Center for Democracy and Technology, the Information Accountability Foundation, and others aimed at reaching agreement on the principles that should form the foundation of a federal consumer privacy law.