Cybersecurity and Data Privacy
PPG's cybersecurity program protects and preserves the confidentiality, integrity and continued availability of our networks, systems and information. We follow the U.S. National Institute for Standards and Technology (NIST) and other applicable industry frameworks. We implement physical, organizational and technological safeguards to protect information about our customers, employees and suppliers.
Our data privacy policies are designed to prevent unauthorized access to, and disclosure of, personal information using a range of operational and technological safeguards. Our employees receive comprehensive training on data privacy concepts to prevent misuse of personal information.
Cybersecurity and data privacy governance improvements
We regularly assess and measure against industry practices to identify opportunities to improve people, processes and technology used to identify, prevent, detect, respond and recover from cybersecurity incidents. A key focus in 2023 was strengthening corporate governance over data privacy along with continued investment in cybersecurity at PPG. We established an executive council to oversee the management of our information technology (IT) and cybersecurity programs. Ensuring that our leadership has a clear understanding of cybersecurity risks and strategies also helps us appropriately allocate resources to address these issues.
The data privacy and compliance organization have a close collaboration and frequent touchpoints. The effort comprises members from our IT and compliance teams, and their goal is to foster collaboration between these two key functions. The functions meet regularly and review IT-related compliance risks and ensure we remain current with regulatory requirements as they evolve. In the data privacy area, we formed a Global Data Privacy Council with members representing key stakeholders from departments handling personal information or supporting relevant systems and processes. The council oversees all data privacy compliance activities at a global level.
Progress in addressing cybersecurity and data privacy issues is crucial for maintaining trust with PPG's stakeholders. We will continue to monitor digital threats and adapt our approach to safeguarding confidential information.
Reducing emissions from data centers
Data centers are important enablers of PPG's operations, as they allow for the electronic storage, processing and dissemination of data and applications. Physical data centers are energy intensive and rely on continuous and reliable electricity. As part of our efforts to reduce energy use across the company, we have been transitioning our data to cloud service providers, such as AWS and Azure. These cloud providers are more than three times as energy efficient when compared with our internally managed physical data centers.
As of the end of 2023, 72% of our IT operations are managed through the cloud. We were able to shut down four out of eight physical data centers, which reduced our annual energy consumption by an estimated 940mWh. This transition also reduced our greenhouse gas emissions by 471 metric tons of CO2 equivalent, comparable to 112 gasoline-powered passenger vehicles driven for one year.
For more information about how we approach cybersecurity and data privacy, see below.
Learn more, access our Global Data Privacy Statement and contact us at our privacy website.