Safeguard privacy and protect data

28 Mar 2024
In today’s data-driven world, data protection and cybersecurity are essential.
Woman typing on a laptop on a wooden desk

At PMI, we use an array of expert-supported, state-of-the-art security solutions to help prevent, detect, and respond to events. 

Together with our Code of Conduct, internal policies and guidelines govern our activities and ensure our everyday work is conducted in a manner consistent with our values. In particular, PMI’s global policy on data privacy sets a standard for privacy governance and accountability. 

PMI’s Global Privacy Program (GPP) sets data privacy standards across markets and functions. It governs the collection, processing, and sharing of personal data by PMI affiliates. Our privacy team publishes privacy awareness materials and guidance for employees and contractors and regularly reports to PMI’s Corporate Risk Governance Committee on the business' adherence to the GPP. 

We use information systems to help manage business processes and collect and interpret data. We also use these systems to communicate internally and externally with employees, suppliers, consumers, and customers. Specialist third-party service providers manage some of our information systems, and we work with internal specialists to protect systems and data from unauthorized access. 

Employees and contractors play a fundamental role in protecting data. By being aware of potential threats and reacting to them appropriately, our community can help keep PMI secure. In 2023, we continued to train our workforce in data protection principles and information security. We complement our training with regular awareness campaigns and simulated phishing campaigns addressed to our entire workforce to help everyone practice recognizing and reporting phishing attempts and to identify weaknesses in advance of any real attempts the business might face. 

We also maintain a hub of resources on information security awareness, accessible to all employees and contractors. In addition to detailing good security practices to protect user accounts and data from cyber risk, these resources help our team remain vigilant to the indirect risks that can arise from activities such as online shopping or connecting to wireless networks. 

We invest in administrative, technical, and physical safeguards, including continuity planning to increase the resilience of our core processes and maintain information security protections in line with industry standards. We evaluate the adequacy of these preventative actions annually. In addition, PMI has an integrated program to manage cyber risks, protect PMI’s data, and safeguard the privacy of consumers and customers, including conducting third-party cyber risk assessments. 


The Chief Information Security Officer (CISO) is responsible for information security governance and reports to the Chief Digital & Information Officer, a member of Company Management. The Assistant General Counsel responsible for data privacy governance reports to the VP Regulatory Law and then into the General Counsel, a member of Company Management. Our Audit and Risk Committee is responsible for the review of, among other topics, the risk management of cybersecurity and data privacy risks, as well as data governance. 
blue block DL

View all Fundamentals

Read More
This online content about our Integrated Report should be read in conjunction with PMI’s Integrated Report 2023. This report includes metrics that are subject to measurement uncertainties due to inherent limitations in the nature and methods for data collection and measurement. The precision of different collection and measurement techniques may also vary. This report includes data or information obtained from external sources or third parties. Unless otherwise indicated, the data contained herein cover our operations worldwide for the full calendar year 2023 or reflect the status as of December 31, 2023. Where not specified, data comes from PMI financials, nonfinancials, or estimates. Unless explicitly stated, the data, information, and aspirations referenced in online content do not incorporate PMI’s wellness and healthcare business, Vectura Fertin Pharma. Regarding the Swedish Match acquisition, completed late 2022, unless otherwise indicated, online content does not include information pertaining to their sustainability performance. Please also refer to "This report at a glance" on page 2 of PMI's Integrated Report 2023 for more information. Aspirational targets and goals do not constitute financial projections, and achievement of future results is subject to risks, uncertainties and inaccurate assumptions, as outlined in our forward-looking and cautionary statements on page 214. In PMI's Integrated Report 2023 and in related communications, the terms “materiality,” “material,” and similar terms are defined in the referenced sustainability standards and are not meant to correspond to the concept of materiality under the U.S. securities laws and/or disclosures required by the U.S. Securities and Exchange Commission. 

Share this article