Process Applies To
Follow this process when a privacy incident occurs. A privacy incident is an actual or potential access by unauthorized persons to Personally Identifiable Information (PII) or the misuse of PII collected, used or stored by P&G or its designated third parties.
Examples of a Privacy Incident
- Internal exposure of PII to the wrong individuals
- External exposure of PII to the wrong individuals or to the public
- Permission/opt errors
- Unsecured PII transfer
- Data corruption that merges individuals PII
- Loss of hardware computers, thumb drives, CDs, etc.
- Unauthorized access to PII - hacking/theft/abuse
What to do when you become aware of an incident
Immediately inform the P&G privacy incident experts by emailing incident details to firstname.lastname@example.org (or contact the P&G Helpline - see information at this link), who will notify the appropriate Privacy Incident Leader. Include the following information, if available:
- Cause of disclosure and if the cause has been contained or remediated.
- Types of PII disclosed (i.e. Names, credit card numbers, bank account information, government IDs, etc).
- Location of impacted persons (state and country).
- Number of persons impacted.
Incident Management Process
After you inform email@example.com (or the P&G Helpline) of the privacy incident they will follow this process:
- Secinrep/P&G Helpline will identify the appropriate Privacy Incident Leader.
- The Privacy Incident Leader will form an incident team with the relevant multifunctional members in the affected region(s) to investigate and contain/remediate the incident.
- The incident team will notify impacted persons and or government authorities, where appropriate.
- The Privacy Incident Leader will document the incident in the corporate incident management database.
- The consumer, shareholder, employee or individual(s) affected is "boss," and P&G is committed to appropriately managing and protecting individuals PII.
- Incidents are escalated promptly so the right individuals can resolve the incident quickly.
- Privacy incidents are reported to identify trends and share experiences in order to improve P&G Global Privacy Program.