PROCESS APPLIES TO

Follow this process when a privacy or security incident occurs.

Information Security Incident: An event that affects P&G information and/or systems and violates the law and/or Company policy/standards. These events may transpire within P&G systems or properties or within its designated third-party vendor systems or properties that manage P&G data and/or systems (e.g., the P&G shareholder database). An Information Security Incident has compromised or could compromise the confidentiality, integrity and/or availability of P&G information or operations and may be caused by P&G personnel and/or third-party actors through intentional or unintentional means.

Privacy Incident: A type of Information Security Incident caused by any actual or probable unauthorized access to Personally Identifiable Information (PII), such as:

  • Internal exposure of PII to the wrong individuals.
  • External exposure of PII to the wrong individuals or to the public.
  • Data corruption that merges individuals’ PII.
  • Loss of hardware — computers, thumb drives, CDs, etc.
  • Unauthorized access to PII - hacking/theft/abuse.

WHAT TO DO WHEN YOU BECOME AWARE OF AN INFORMATION SECURITY OR PRIVACY INCIDENT

Immediately inform the P&G incident experts by emailing incident details to securityincident.im@pg.com. Include the following information, if available:

  • Cause of incident or potential disclosure, and whether the cause has been contained or remediated
  • Types of data involved (e.g., names, credit card numbers, government IDs, sensitive business information)
  • Location of impacted people and number of data records (if personal data is involved)
  • Potential impact to Company systems and data

INCIDENT MANAGEMENT PROCESS

After you inform securityincident.im@pg.com, a team of Company experts will investigate and respond to the potential incident.