Global Reporting Initiative Reports

GRI Indicator 418-1
Reporting Level Complete
Sustainable Development Goals

Substantiated Complaints Concerning Breaches of Customer Privacy and Losses of Customer Data

In 2019, Interpublic Group (IPG) identified no substantiated complaints regarding breaches of consumer privacy, nor did we identify any leaks, thefts, or losses of customer data

In 2019, Interpublic Group (IPG) identified no substantiated complaints regarding breaches of consumer privacy, nor did we identify any leaks, thefts, or losses of customer data. IPG experienced no monetary losses from consumer privacy-related legal proceedings. Additionally, IPG Corporate does not use customer data for secondary purposes without approval.

Just as our clients deserve control over their marketing and advertising campaigns, individuals deserve control over their data. The growing role of data and technology brings greater responsibility for promoting high standards in data management, privacy, and security.

Understanding data and its power is essential to the current and future success of every company, as is an ethical and conscious approach that respects consumer privacy and promotes brand safety. These considerations are crucial as we look ahead to increased regulation for digital media. IPG has taken a strong position on transparency and ethics in all our business practices.

IPG aims to be the lead holding company in providing privacy-compliant services and solutions. We build privacy into our business strategies, allowing our network to create better solutions to help clients address their privacy needs. Going forward, IPG will continue to enhance the technology layer within our offerings and to build tech-enabled marketing solutions. This strategic focus allows us to deliver both personalized user experiences and more accountable marketing for brands.

Privacy and Data Audits: To protect privacy and data, IPG runs audits on the following schedule:

  • Annually: Internal audits of information technology (IT) and security controls, and external attack and penetration testing performed by a third party.
  • Monthly: Vulnerability scans are run on all assets within the IPG Internet Protocol (IP) range.
  • Weekly: Vulnerability scanning is conducted by agents.

Additionally, IPG conducts the following exercises: technical simulations to test people, processes, and tools; threat hunts to scan for secure configuration; and tabletop exercises to prepare staff wo are involved with incident response. We also conduct employee training on Data Protection and Information Security. The training covers high-level privacy, security, and data protection. In 2019, IPG had a 97% completion rate for this employee training. If an employee continually fails simulated attacks, managers may address this through employee performance reviews or other means.

Within the past two years, IPG has gauged privacy policy compliance through conducting a General Data Protection Regulation (GDPR) internal audit, and in 2020 an external audit was conducted by EY.

Policies and Procedures: IPG maintains a publicly available Website Privacy Notice, as well as an internal Privacy Policy (SP&P 605), which is highlighted in the IPG Code of Conduct. IPG has additional internal policies and procedures covering the following topics:

  • Incident Response
  • Information Security
  • Data Classification
  • Cloud Security
  • Access Controls
  • Remote Access
  • Acceptable Use of IPG information and systems
  • Information Exchange & Electronic Communications
  • Internet of Things (IoT)
  • Remote Access
  • Social Media

Oversight of IT Security: IPG’s Chief Information Officer and Chief Information Security Officer provide a mid-year joint update to the Board of Director’s Audit Committee on IT security and cybersecurity, followed by a year-end status update provided to the full Board of Directors.

Employees can contact or call 888-IPG-8778 to report suspicious activity.