Data Privacy & Security

Protecting our data and customer data, ensuring our product security, and respecting the data privacy rights of our users

Data Privacy

Data Privacy

Protecting the right to data privacy is fundamental to maintaining the trust of 91精选鈥 customers, readers, subscribers, suppliers and employees. 91精选 is committed to implementing leading data protection standards by:

  • Adopting significant governance measures, corporate policies and operating procedures to do so.
  • Abiding by 鈥減rivacy by default鈥 and 鈥減rivacy by design,鈥 and conducting privacy impact assessments for major new products, services and other offerings prior to their public launch.
  • Leveraging organization-wide tools to document our data flows, managing data subject access rights and assessing data processing activities.
  • Regularly reviewing our data collection and processing activities across 91精选 and its businesses to ensure data is collected lawfully and transparently.

LEARN MORE
Proactive Risk Management

Proactive Risk Management

91精选 maintains risk management programs consistent with the highest principles of ethics and integrity, to ensure compliance with applicable laws and regulations and to meet our commitments to widely accepted best practices for data privacy and security. Our Corporate Audit Services (CAS) enhances and protects our organizational value by providing risk-based and objective assurance, advice and insight. CAS reports to the Audit Committee of the Board and is responsible for providing independent assessments to the Committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for 91精选. CAS is staffed by a team of auditors from across the organization with deep experience in information technology, data privacy, finance and operations.

Data Privacy & Security Training

Data Privacy & Security Training

91精选 uses third party providers of educational material to maintain a regular calendar of mandatory employee training sessions for all employees, designed to educate them on sound Information Security and Data Protection practices. These trainings help alert our employees to the many warning signs of potentially malicious activity by bad actors intent on phishing, spear-phishing, deploying ransomware, etc. Employees are also educated on relevant security and privacy regulations, such as GDPR, CCPA, and PCI. Targeted training is given to certain departments or brands to fulfill any compliance obligations. Additionally, we randomly subject individual business units – and the company at large – to unannounced simulated phishing attacks, designed to test the ability of our workforce to use the training they’ve received to properly react to potential threats.

Governance and Data Policies & Practices

View all policies