At PMI, we use an array of expert-supported, state-of-the-art security solutions to help prevent, detect, and respond to events.
Together with our Code of Conduct, internal policies and guidelines govern our activities and ensure our everyday work is conducted in a manner consistent with our values. In particular, PMI’s global policy on data privacy sets a standard for privacy governance and accountability.
PMI’s Global Privacy Program (GPP) sets data privacy standards across markets and functions. It governs the collection, processing, and sharing of personal data by PMI affiliates. Our privacy team publishes privacy awareness materials and guidance for employees and contractors and regularly reports to PMI’s Corporate Risk Governance Committee on the business’s adherence to the GPP.
We use information systems to help manage business processes and collect and interpret data. We also use these systems to communicate internally and externally with employees, suppliers, consumers, and customers. Specialist third-party service providers manage some of our information systems, and we work with internal specialists to protect systems and data from unauthorized access.
Employees and contractors play a fundamental role in protecting data. By being aware of potential threats and reacting to them appropriately, our community can help keep PMI secure. In 2024, we continued to train our workforce in data protection principles and information security. We complement our training with regular awareness campaigns and simulated phishing campaigns addressed to our entire workforce with access to IT equipment to help everyone practice recognizing and reporting phishing attempts and to identify weaknesses in advance of any real attempts the business might face.
We also maintain a hub of resources on information security awareness, accessible to all employees and contractors. In addition to detailing good security practices to protect user accounts and data from cyber risk, these resources help our team remain vigilant of the indirect risks that can arise from activities such as online shopping or connecting to wireless networks.
We continue to make investments in administrative, technical, and physical safeguards, including continuity planning, to increase the resilience of our core processes and maintain information security protections in line with industry standards and best practices. We evaluate the adequacy of these preventative actions to reduce security incidents on an ongoing basis. In addition, PMI is implementing a cybersecurity risk program to manage cyber risks, protect PMI’s data, and safeguard the privacy of consumers and customers, including conducting third-party cyber risk assessments.
Management
The Chief Information Security Officer (CISO) is responsible for information security governance and reports to the Chief Digital & Information Officer, a member of Company Management. The Assistant General Counsel responsible for data privacy governance reports to the VP Regulatory Law and then into the General Counsel, a member of Company Management. Our Audit and Risk Committee is responsible for the review of, among other topics, the risk management of cybersecurity and data privacy risks, as well as data governance.
View all Fundamentals
Read MoreThis online content about our Integrated Report should be read in conjunction with PMI’s Integrated Report 2024. This report includes metrics that are subject to uncertainties due to inherent limitations in the nature and methods for data collection and measurement. The precision of different collection and measurement techniques may also vary. This report includes data or information obtained from external sources or third parties. Unless otherwise indicated, the data contained herein cover our operations worldwide for the full calendar year 2024 or reflect the status as of December 31, 2024. Where not specified, data comes from PMI financials, nonfinancials, or estimates.
Unless explicitly stated, the data, information, and aspirations in this report do not incorporate PMI’s wellness and healthcare business, Aspeya. Regarding the Swedish Match acquisition, completed late 2022, unless otherwise indicated, this report includes information pertaining to its sustainability performance. Please also refer to "This report at a glance" on page 2 of the PMI’s Integrated Report 2024 for more information. Aspirational targets and goals do not constitute financial projections, and achievement of future results is subject to risks, uncertainties and inaccurate assumptions, as outlined in our forward-looking and cautionary statements on page 206. In PMI’s Integrated Report 2024 and in related communications, the terms “materiality,” “material,” and similar terms are defined in the referenced sustainability standards and are not meant to correspond to the concept of materiality under the U.S. securities laws and/or disclosures required by the U.S. Securities and Exchange Commission.