Digital responsibility Privacy and
data protection

We recognize that protecting data privacy is fundamental to maintaining the trust of our customers and growing our business. Our company is also impacted by current and emerging federal, state and international laws related to privacy and data protection. Privacy protection is therefore a strategic priority for Verizon, and we have established strong governance measures to protect the privacy and security of customer information and to ensure compliance with privacy legislation.

Verizon has adopted corporate policies and operating procedures governing how we collect, use, retain and protect data. Detailed information about Verizon’s privacy policies and practices can be found at the main Privacy Policy page on our corporate website. Our work in this area is conducted under the oversight of our Chief Privacy Officer, who reviews and discusses data privacy risks and mitigating actions with the Audit Committee of our Board of Directors at least annually. Our policies and procedures are subject to controls such as internal audits, observations, testing, employee and vendor training, and internal attestations that all serve to promote ongoing compliance by the business. We also continuously monitor for new and modified international, federal, state and local laws, as well as relevant interpretations of existing laws, and we update our processes and procedures as needed.

Our core privacy principles and standards extend to our subsidiaries, including Verizon Media. Verizon Media operates a global network of digital products and services, some of which engage in the purchase, sale, delivery and measurement of digital advertising. Verizon Media provides its users with information about how it collects, uses and shares their data along with substantial user controls to manage that data. Verizon Media also maintains operational and technical controls to protect against unauthorized uses. These controls are audited on a regular basis.

Our stewardship of personal data

How we handle information throughout the process of collection, use, disclosure and retention impacts the privacy of personal data. Verizon’s stewardship of personal data involves maintenance of controls at every phase of the information life cycle. We disclose our practices and have in place policies related to each phase. We conduct privacy compliance reviews when we develop products, systems or other initiatives; offshore work through our global clearance process; and purchase or sell assets. Verizon’s privacy impact assessment (PIA) process provides a platform for formalized review of initiatives that involve customer personal data. We have also implemented a third-party risk management process that focuses on our highest-risk suppliers.

Collection and use. We collect and use information according to our publicly available privacy policies and, in the case of business customers, according to our contracts. Our practices are designed to protect and respect consumers’ privacy and the choices consumers make concerning the use of their data. Verizon gives customers easy-to-understand privacy choices, including opt-in choices, based on the sensitivity of their personal data and how it will be used or disclosed.

Disclosure. In general, we share information within Verizon and with vendors and partners as described in our privacy policies. We take measures to protect information that we disclose to our vendors and permit them to use it only for the purpose for which we provide it.

Data retention and destruction. We maintain corporate policies governing data retention, and we also review data retention practices as part of our privacy impact assessment process. Under our practices and policies, we retain personally identifiable and other sensitive records only as long as reasonably necessary for business, accounting, tax or legal purposes. Data destruction is split between two internal Verizon policies, one that governs media sanitization and disposal and another related to data retention that details when data should be destroyed. We also meet the requirements of our enterprise customers by contractually agreeing to unique data retention timelines and data destruction practices when needed.

To meet Verizon’s commitment to protect personal data, our employees are responsible for cooperating with and assisting business owners in fulfilling the obligations and requirements of Verizon’s information security policy, as well as in complying with applicable laws. We also impose Verizon information security requirements on suppliers who handle customer data, and we impose additional requirements on suppliers who handle EU/international personal data.

As it relates to the practices we use to ensure that data is stored securely, Verizon has technical, administrative and physical safeguards in place to help protect against a variety of information security risks and cyber threats. Verizon’s Chief Information Security Officer is responsible for leading, and as appropriate, coordinating, enterprisewide information security strategy, policy, standards, architecture and processes. Verizon employees undergo regular training on our policies and procedures relating to privacy and information security and are subject to Code of Conduct requirements directed toward the protection of the company’s information assets, as well as customer privacy.

Our privacy impact assessment processes

We maintain a PIA process to review products sold and systems used across the business. This process aligns in many respects with the policies outlined in the U.S. Office of Management and Budget’s “Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002” (OMB M-03-22). We use PIAs to identify legal, regulatory and policy requirements related to privacy and also to determine risks associated with data processing as required under OMB M-03-22. We also use PIAs to evaluate before an IT system is deployed whether data will be protected and to determine whether there are ways to mitigate privacy risks.

Verizon Media maintains a similar PIA process that it has conducted as part of all new product and feature launches.

Protecting children’s online privacy

We are committed to protecting the privacy of children, including by complying with the Children’s Online Privacy Protection Act (COPPA). When Verizon operates online services covered by COPPA, we do not knowingly collect personal information from children under 13 without parental consent except where such collection is expressly permitted under COPPA for purposes of internal operations. We provide parents with information about their rights under COPPA, including instructions about how they can review information collected from children. In addition, we comply with the California Consumer Privacy Act’s provisions related to the privacy rights of minors, which allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information that they have publicly posted.

Behavioral advertising

Verizon has followed the Digital Advertising Alliance’s (DAA) self-regulatory principles and served on the DAA advisory board since its inception. We follow the DAA self-regulatory principles for online behavioral advertising and for multisite data, as well as the DAA guidance related to the application of its transparency and control principles to the mobile and cross-device environments. In accordance with these industry self-regulatory principles, we require that advertising companies disclose when they are using interest-based advertising techniques to deliver interest-based ads on our sites and apps as well as when they deliver Verizon ads on other sites. We also require them to offer the ability for users to opt out of this use of their information.

We also have an advertising program, Verizon Selects, that helps us and third-party advertisers personalize customers’ experiences and makes promotions, offers and ads better match their interests across the devices they use. Customers must opt in to participate in Verizon Selects. The program uses web browsing, location, app usage and other information we collect, including information from Verizon Media, to determine whether customers fit within audiences advertisers would like to reach. More details about the program and the information it uses are available in the Verizon Selects FAQs on our website.

Verizon Media works closely with the DAA and other industry self-regulatory bodies, such as the Network Advertising Initiative (NAI) and Internet Advertising Bureau’s (IAB) US, European, and UK chapters. The principles designated by these bodies, and applicable regulatory obligations, inform and shape Verizon Media’s oversight of its behavioral advertising practices. For example, Verizon Media is fully integrated into the DAA, NAI and European Interactive Digital Advertising Alliance opt-out programs, as well as the IAB’s EU Transparency and Consent Framework that provide users with industry-level controls. These industry controls are in addition to the privacy choices that we provide users via our privacy dashboard. Users can therefore opt out of Verizon Media’s provision of behavioral advertising, whether users interact with us directly or through our partners.

Addressing DAA principles

Education. When the DAA guidelines were first introduced and the icon first came into being, the DAA and all member companies launched a customer education campaign including digital ads about the icon and an educational website explaining behavioral advertising. We participated by providing ad impression spaces and otherwise promoting the DAA. That educational effort evolved into the DAA site and the “Ad Choices” page. We support the DAA and this process by licensing the icon and being part of the DAA advisory board.

Transparency. We explain our data use practices related to online behavioral advertising in our privacy policies and our “About our Ads” information available as links in the footer of Verizon website pages. We also include information about behavioral advertising practices in our app privacy policies where it is relevant. With respect to our Verizon Selects program, customers are presented with information about the program and must opt in before any data is used for the program.

Consumer control. Our notices provide instructions on how customers can opt out of the use of their information for online behavioral advertising purposes. Customers who join Verizon Selects may opt out of participating at any time. They also have the option to delete certain data, including location and web browsing information, at any time.

Data security and retention. We have administrative, technical and physical safeguards in place to guard against unauthorized access to or use of data. Our policies provide for the retention of data only for as long as it is needed for legitimate business, accounting and legal purposes.

Material changes. If we elect to use or disclose identifiable information in a manner that is materially different from that stated in our policy at the time we collected that information, we provide users with a choice regarding such use or disclosure by appropriate means, which may include use of an opt-out mechanism.

Sensitive data. In addition to abiding by COPPA, we prohibit the use of sensitive data such as financial information and social security numbers for online behavioral advertising purposes or for the Verizon Selects program.

Accountability. We maintain accountability through our participation in the DAA, the industry-wide program founded jointly by the Direct Marketing Association, the IAB, the NAI, the Association of National Advertisers, the Better Business Bureau National Programs and the national trade association of advertising agencies, the 4As.

Privacy by design

We assess all new products and services for human rights, privacy and security concerns. Before any new product is brought to market, we embrace a design approach called privacy by design—to make sure we are embedding privacy considerations from the beginning. We also consider the human rights impacts of our products and take other appropriate steps to provide our customers with strong and meaningful privacy and security protections post-launch. Finally, we continue to advocate for a uniform federal privacy framework that can apply to all players in the digital technology ecosystem and make clear, consistent rules of the road for everyone so that our customers’ trust and privacy come first—no matter how they use their devices, apps or services.

In 2019, we updated our Privacy Policy to be easier to read, understand and navigate. Also, on January 1, 2020, as the California Consumer Privacy Act became state law, we launched our Verizon Privacy Dashboard, which allows all Verizon consumers to access and manage their personal information.

Verizon was one of the original signatories to the GSMA Digital Declaration, launched in 2019, which calls on businesses to respect the privacy of digital citizens, handle personal data securely and transparently, take meaningful steps to mitigate cyber threats, and ensure everyone can participate in the digital economy as it develops while combating online harassment. The pillars of the Digital Declaration are intended to ensure the internet is kept as an open platform for expression and a driver of innovation.

Requests from law enforcement

Verizon publishes semiannual reports online that present the number of demands we receive from law enforcement in the United States and other countries in which we do business. To learn more about how we handle government requests for customer information, both in the U.S. and internationally, please see our most recent reports.