Privacy

Upholding strong privacy principles and effective safeguards to protect personal data and maintain customer trust. 

Click through to learn about our 2024 impact in action. 

Consumers and employees are placing more value than ever on their privacy, and it’s a consideration that shapes which organizations they interact with and how. In fact, 64% of customers experience greater levels of trust when companies provide clear information about their privacy policies. To earn that trust — and keep it — organizations must uphold strict data protection and privacy standards. 

Responsibly managing customer and employee data is fundamental to how we operate, and our global privacy program has four important principles that underpin everything we do:

• Transparency: We’re open and honest about how we use your data.
• Choice and Control: You control how we use your data.
• Security: We use strong safeguards to keep your data confidential and secure.
• Integrity: We do what we say.

We integrate privacy considerations into new service and capabilities development and conduct annual risk assessments to continuously improve our approach. We set targets for timely responses to privacy requests and assess our performance against those targets. 

A Policy-Driven Commitment

Several policies support our privacy commitments, including our Code of Business Conduct, which all AT&T employees must review and adhere to. Other relevant policies include AT&T security policies and standards (covered in our Cybersecurity issue brief and internal privacy guidelines).

Our Privacy Notice explains how we use and protect consumer information, and the choices consumers can make about how their information is used. We regularly update it to ensure ongoing alignment with evolving regulations. The Global Approach section of our Privacy Center details our compliance with privacy laws and regulations across geographic areas outside of the U.S., and the State Law Approach section details how we comply with state-specific privacy laws. We extend common elements of numerous privacy laws to our products and services globally while also accounting for locally relevant laws wherever we offer services.

We take our responsibility seriously, and any employee failure to comply with our policies and guidelines governing data use and collection may result in discipline, up to and including termination.

For more information, see the AT&T Privacy Center and our Policies page. 

Safeguarding Children’s Privacy

We comply with the Children's Online Privacy Protection Act (COPPA), as well as other applicable laws governing the collection and handling of children’s data. We never knowingly collect personally identifiable information from anyone under the age of 13 without first obtaining legally required parental consent.¹

When we do collect information, we do so in accordance with legally permitted purposes or exceptions, or after obtaining legally required parental or guardian permission. Similarly, unless we have consent from a parent or legal guardian, we will not knowingly contact a child under the age of 13 for marketing purposes.

For more on how we address children’s privacy, see the “Information specific to children” section of our Privacy Notice.

Responding Rapidly to Incidents

We test privacy control effectiveness to proactively identify and address potential weaknesses, yet, like all companies, we sometimes experience attempts to gain unauthorized access to customer or employee data. When such situations arise, our Incident Response team rapidly enacts a defined action plan.

The team follows a carefully designed governance structure and response process, investigating suspected breaches and evaluating potential impacts. If we determine a data breach has occurred, we notify affected consumers and authorities.

To ensure our response remains robust and effective, we regularly test and improve it through tabletop exercises. We also keep up to date with data-privacy laws and regulations to ensure ongoing compliance.

Giving Customers a Choice

Information on our privacy and data use approach — as well as links to privacy choices and security tips — is available through the AT&T Privacy Center and AT&T Mexico Comprehensive Privacy Notice, which are clearly signposted on our website and the AT&T app. Privacy policies and notices for AT&T’s apps and services are accessible in-app and on services’ websites. Through these, consumers can explore choices for opting out of certain data collection and marketing programs, such as behavioral advertising.

Our customer Privacy Choices consent portal simplifies making privacy choices and providing consents; we also offer a tool for opting out of email marketing. Similarly, through the AT&T ActiveArmor^SM mobile security app, customers can view all privacy and security resources in one platform. This free app helps customers block spam calls, secure personal data, create a personal block list and more. 

Maintaining Transparency

Transparency is a fundamental principle of our privacy program, and we deliver honest, timely information to customers via several routes.

When we update privacy policies and notices, we notify consumers as required. Consumers can also send questions or feedback by submitting a question via our Data Request Center or writing to AT&T Chief Privacy Office, 208 S. Akard St., Room 2901, Dallas, TX 75202.

We publish a biannual Transparency Report with comprehensive information on our responses to legal demands. It includes the number and types of demands, those that were partially or completely rejected, demands for location information, exigent requests and international demands. The AT&T Global Legal Demand Center oversees demands from law enforcement.  

Promoting Shared Responsibility

We equip all employees with the knowledge and resources they need to uphold company-wide compliance. Privacy and security trainings are provided annually and as necessary. For example, employees must complete privacy-specific courses for both domestic and international compliance program requirements.

Our primary privacy training web portal features a hub, available to all employees, for privacy-related communications, news, courses and collateral. It also contains materials to help business teams understand consumer consent requirements under new state privacy laws.

We deliver company-wide events to underscore the importance of privacy compliance while “tone at the top” messaging materials further reinforce our position. 

Privacy Governance

Several internal bodies oversee our data privacy approach:

• Board of Directors Governance and Policy Committee and Audit Committee: Receive regular updates on privacy-related topics from our Chief Privacy Officer.
• Chief Privacy Office (CPO): Has management responsibility for privacy compliance programs.
• Chief Privacy Officer: Oversees the CPO, reports to AT&T’s General Counsel and is responsible for ensuring company operations adhere to AT&T privacy principles, policies, notices and commitments.
• Corporate Compliance Office: Oversees periodic testing of incident response plans in partnership with stakeholders like the AT&T Chief Security Office. The Compliance Oversight team conducts an annual risk assessment of company operations relative to privacy-control effectiveness and maturity. For more information, visit our Ethics & Integrity issue brief.
• AT&T Chief Data Office: Reviews, when necessary, advanced privacy protections. Their expertise in data de-identification and other privacy topics helps AT&T set privacy-related guardrails that have a scientific and mathematical foundation.
• AT&T Global Legal Demand Center: Includes a team dedicated to overseeing, reviewing and responding to law enforcement requests.
• AT&T Chief Security Office: Promotes compliance with AT&T’s security policies and network and information security program in a consistent manner on network systems and applications.

The Chief Privacy Office

The CPO oversees and implements privacy compliance programs in accordance with evolving international, federal and state legislation. It covers:

• Consumer Transparency: The CPO sets requirements and provides oversight to ensure consumers can exercise their individual rights under applicable privacy laws. This oversight includes compliance with consumer-privacy laws and regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act.
• Privacy Updates: When new privacy laws are enacted, the CPO evaluates whether and how to update privacy disclosures, policies and notices, working with the business to provide related employee training as needed.
• Reviews: The CPO reviews business teams’ data use cases to analyze and approve proposed collection, use, sharing and processing. The CPO also verifies the continued accuracy of our policies and notices, consulting with business units on our representations regarding data collection, use and sharing.
• Collaboration: The CPO works with the business to address new and emerging issues in technology and data privacy.  

Stakeholder Engagement

Open discussion with industry peers, advocacy groups, leading privacy and business organizations, government organizations and regulatory agencies is key to maintaining best-in-class consumer data protections.

• Collaboration: AT&T regularly engages with The Conference Board, International Association of Privacy Professionals, Future of Privacy Forum, Business Roundtable and Center for Democracy and Technology.
• Advocacy: AT&T advocates for — and participates in discussions about — federal consumer-privacy legislation that unifies regulation for privacy, data security and breach notification consistent with standards developed and enforced by the Federal Trade Commission.
• Academic and Tech Partnerships: AT&T’s Chief Data Office cultivates academic and tech partnerships to create the next generation of data and privacy experts. 

AT&T took several steps in 2024 to enhance our privacy approach, guided by our constant focus on transparency and trust. This included consolidating various pages in our Privacy Center — such as creating a single page for our State Law Approach — to make it easier for customers to navigate to the content they want.

During 2024, we published a consumer health data privacy notice in line with new state law in Washington. In this notice, we detail the Consumer Health Data we collect, how and why we use it, and what choices customers have around the data we collect from them. We also published an event guest privacy notice to ensure we remain compliant with privacy laws around the world for those attending AT&T hosted events.