LS&Co. strongly supports individuals’ rights to control their own personal information. Our privacy program is based on a documented global privacy framework with implementation overseen by our Chief Privacy Officer in partnership with other leaders, including our Chief Information Security Officer. The global breadth of our privacy program is supported by a network of privacy champions embedded in the business.
More than 130 countries have enacted at least one unique privacy and/or data protection law. By basing the core elements of our program on the Fair Information Processing Principles, LS&Co. can more easily respond and adjust to the rapid legislative change in this area. We monitor changing legal requirements and engage numerous external resources and experts to help us appropriately respond to data protection laws and regulations in the jurisdictions where we operate. Our commitment to data protection has visibility at the most senior levels of the organization and forms part of the unique LS&Co. culture. Regular data privacy and data security updates are given by our Chief Privacy Officer and Chief Information Security Officer to senior leadership, the LS&Co. Enterprise Risk Committee and the Board of Directors’ Audit Committee. In addition, we provide mandatory annual information security training for all employees, along with supplementary training on topics such as phishing and social media risk.
We apply a number of approaches to protect company, employee, applicant and customer data from risk, including risks of unauthorized disclosure, loss or misuse. These approaches include vendor security assessments; privacy impact assessments; and legislative monitoring, analysis and benchmarking. In addition, LS&Co. maintains standard data processing agreements and security templates for use in our contract processes that are developed in line with our data use, privacy and security requirements. We actively participate in the data privacy initiatives of multiple third-party associations and industry organizations such as the International Association of Privacy Professionals, the Retail Industry Leaders Association (RILA) and the National Retail Federation (NRF). Together, these help LS&Co. in its commitment to meet applicable legal requirements and to protect data and systems against the greatest risks and latest cybersecurity threats.