Doing the Right Thing with Our Consumers

Using Our Voice in Advertising and Media

We have made a choice to step up and use our voice in advertising as a force for good and a force for growth by taking a stand on equality. We recognize that P&G and our leadership brands can make a meaningful impact with our wide reach, as images and portrayals of people in advertising embed memories which can lead to bias. That is why, as the world's largest advertiser, we have committed to use our voice to shed a light on bias and promote equality.

Keeping Privacy and Security Strong

Protecting Personal Information

The global privacy compliance landscape continues to evolve and become more complex as various jurisdictions, including among others, the European Union, Brazil, China and several U.S. states, have established comprehensive privacy laws. Many of these laws mandate additional legal requirements, create new personal data rights for their citizens and contain the potential for large fines in the event of non-compliance. In response, P&G has created an extensive governance model to help try to comply with these laws. This consists of dedicated privacy employees responsible for maintaining compliance. They are supported by multi-functional regional privacy compliance teams, including lawyers and information security professionals and “Communities of Practice” that share, train and consult on common issues and best practices across the regions. These teams are consistently developing and improving P&G’s personal information processes and activities to attempt to meet industry best practices.

However, P&G recognizes that properly managing personal information requires more than just complying with global privacy laws. Our stakeholders, whether consumers, employees, shareholders or vendors, trust that P&G will ensure that appropriate privacy measures are implemented to transparently process personal information and information security controls will be in place to help safeguard critical business and personal information. Our stakeholders also expect that we take appropriate steps to ensure that personal data is maintained with due confidentiality and appropriate integrity and is retrievable when needed.

We believe in having a strong culture of protecting our stakeholders’ personal information in order to build a relationship of trust with them. With that in mind, we continue to develop a strong information security program to help ensure we have the appropriate levels of controls to secure data, both internally and externally. We also believe in transparency which is why we consistently update our consumer and employee privacy policies, as well as disclosures to clearly communicate how we collect, use and protect consumers’ personal information. P&G is committed to using consumer personal information only for the purpose of improving the content, products and services offered and implements strong data retention and minimization standards. We also provide consumers with the ability to control the manner in which P&G uses their personal information as set out in applicable laws.

Our privacy policies also detail the steps we take to protect personal information from loss, misuse or alteration. These steps can include technical measures like firewalls, intrusion detection and prevention systems, unique and complex passwords and encryption. Our intent is to implement appropriate safeguards to attempt to protect against evolving and emerging privacy risks across the globe, even where the laws may not require it.

P&G has built global and regional corporate privacy compliance processes to help ensure that privacy compliance is driven through every part of the organization in a sustainable manner. We continue to refine and update these programs internally, while ensuring that we also drive compliance with our suppliers through privacy and information security assessments and contractual obligations.

In addition, we drive a culture of compliance through the training of employees on data processing and privacy obligations, centralized identification and management of security incidents and risks, restricting employee access to personal information on a need-to-know basis and implementing appropriate security measures, including appropriately securing documents when not being used by the employee.