Process Applies To

Follow this process when a privacy incident occurs. A privacy incident is an actual or potential access by unauthorized persons to Personally Identifiable Information (PII) or the misuse of PII collected, used or stored by P&G or its designated third parties.

Examples of a Privacy Incident

  • Internal exposure of PII to the wrong individuals
  • External exposure of PII to the wrong individuals or to the public
  • Permission/opt errors
  • Unsecured PII transfer
  • Data corruption that merges individuals PII
  • Loss of hardware computers, thumb drives, CDs, etc.
  • Unauthorized access to PII - hacking/theft/abuse

What to do when you become aware of an incident

Immediately inform the P&G privacy incident experts by emailing incident details to securityincident.im@pg.com (or contact the P&G Helpline - see information at this link), who will notify the appropriate Privacy Incident Leader. Include the following information, if available:

  • Cause of disclosure and if the cause has been contained or remediated.
  • Types of PII disclosed (i.e. Names, credit card numbers, bank account information, government IDs, etc).
  • Location of impacted persons (state and country).
  • Number of persons impacted.

Incident Management Process

After you inform securityincident.im@pg.com (or the P&G Helpline) of the privacy incident they will follow this process:

  • Secinrep/P&G Helpline will identify the appropriate Privacy Incident Leader.
  • The Privacy Incident Leader will form an incident team with the relevant multifunctional members in the affected region(s) to investigate and contain/remediate the incident.
  • The incident team will notify impacted persons and or government authorities, where appropriate.
  • The Privacy Incident Leader will document the incident in the corporate incident management database.

Why

  • The consumer, shareholder, employee or individual(s) affected is "boss," and P&G is committed to appropriately managing and protecting individuals PII.
  • Incidents are escalated promptly so the right individuals can resolve the incident quickly.
  • Privacy incidents are reported to identify trends and share experiences in order to improve P&G Global Privacy Program.