Our security protocols and practices ensures the protection of sensitive information and systems.
We apply stringent cybersecurity and data privacy protocols and practices throughout our systems. Our approach ensures the protection of our information, and that of our customers and others.
Cybersecurity
PPG's cybersecurity program is designed to protect and preserve the confidentiality, integrity and continued availability of all information that we own or is in our care. Our program is based on the U.S. National Institute for Standards and Technology (NIST) standards and other applicable industry standards.
Our cybersecurity program includes:
- a cyber incident response plan that provides controls and procedures for timely and accurate reporting of any material cybersecurity incident(s)
- easy-to-use tools for employees to report potential phishing emails
- annual security training for employees, including periodic phishing testing to ensure our employees remain vigilant and compliant with our expectations
- periodic testing of cybersecurity posture using third parties
Our vice president and chief information officer (CIO) oversees our cybersecurity program. The PPG Board of Directors' Audit Committee, which has oversight of cybersecurity risk, receives a bi-annual report and briefing from the CIO and chief information security officer (CISO) on cybersecurity matters. In addition, the full Board receives periodic briefings from the CIO on our cybersecurity program and any other relevant cybersecurity matters.
The full Board and the Audit Committee also periodically receive updates about the results of exercises performed by advisors that provide an independent assessment of our cybersecurity program and internal response preparedness.
We maintain insurance covering certain costs that we may incur in connection with cybersecurity incidents.
Data Privacy
Our internal data privacy policies are designed to prevent unauthorized access to, and disclosure of, personal information using a range of operational and technological safeguards. Our employees also receive training on data privacy concepts to prevent any misuse of personal information. When we share personal information with third parties, we take contractual measures to ensure such information is protected and processed in accordance with applicable laws. We closely monitor evolving data privacy and data protection legislation around the world and update our policies and procedures to comply with current regulations.
We have a global data privacy manager responsible for ensuring the ongoing compliance of PPG's data privacy and data protection policies and procedures, who reports to our chief compliance officer (CCO). The CCO oversees our data privacy program and provides regular reports to the PPG Board of Directors' Audit Committee.
Our privacy notices and statements outline how we collect, use and protect personal information provided to PPG. When personal information is no longer required, we destroy, anonymize or dispose of it using secure methods in accordance with applicable requirements.
Learn more, access our Global Data Privacy Statement and contact us at our privacy website.