Allstate’s promise to help customers live a good life includes our commitment to protect their personal information.
In today’s world of hyper-connectivity and big data, customer privacy and data security have been thrust into the collective conscience of the business community. While information technology enables instantaneous communications, it has also prompted a need for new and innovative approaches to security, to keep pace with the rapidly evolving cyber threat landscape. As Allstate works to develop additional remote connectivity solutions and foster an integrated digital enterprise, we continue to dedicate resources to ensure these enhancements are secure, practical and beneficial for our customers.
We recognize how the quality of Allstate’s security program impacts our company’s reputation and our customers’ trust in us. We sell a promise to help our customers live a good life even in times of uncertainty. Customers experience the integrity and value of this promise, in part, through our ability to protect the information they share. By carefully and responsibly handling their information, we can advance our reputation among consumers, driving strong business relationships and creating shared value.
• We do not sell our customers’ personal or medical information to anyone.
• We do not share our customers’ information with non-affiliate companies that could use it to contact our customers about their own products and services, unless permitted pursuant to a joint marketing agreement.
• We require persons or organizations that represent or assist us in servicing our customers’ policy and claims to keep their information confidential.
• We require our employees to protect our customers’ personal information and keep it confidential.
Please see our privacy statement for more on how Allstate protects our customers’ personal information.
In addition to our privacy statement, Allstate has implemented the following policies:
• Our Enterprise Information Security Policy. This internal, proprietary policy covers the entire company.
• Our Information Technology (IT) Usage Policy. This policy governs our operations and helps ensure that customer data is not shared or altered inappropriately. Our Information Security Council (ISC), which includes our chief information security officer, technology officers and other select business officers, reviews this policy.
Allstate’s risk-based approach to developing a holistic information security strategy leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework, with support from other standards and best practices.
Cybersecurity risk oversight is provided quarterly by the audit committee and the risk and return committee, and by the full Board as requested. Our chief information security officer regularly communicates key metrics and information to the Allstate Board of Directors. In addition, the CEO and senior executives at Allstate regularly receive reports on the status of ongoing cybersecurity initiatives. Allstate Information Security (AIS) owns and manages our standards and policies. A dedicated team within AIS monitors cybersecurity risks and conducts regular reviews. The chief information security officer works closely with the chief privacy officer and the privacy team. Finally, we collaborate with government agencies and other industry resources and information sharing groups to keep our leaders informed regarding cybersecurity trends and best practices.
Investing in a strong, integrated digital enterprise system with appropriate security controls is just one way we protect our customers’ data. We understand it comes down to people. Training our employees to maximize the value of these controls is a critical and complementary part of our cybersecurity management.
Annual Compliance Confirmation
Each year, we educate our employees on the privacy and cybersecurity protocols outlined in our policies. Participants must agree to comply with these protocols. We communicate with employees throughout the year and refresh their knowledge of Allstate’s enterprise security standards and practices.
We periodically update and review the content of this course to ensure it reflects current and emerging trends in cybersecurity, as well as new security installments, tools or standards. The training also revisits recurring problems in cybersecurity, such as phishing and ransomware, and provides clear guidance on how to mitigate these risks.
Supply Chain Data Security
Allstate emphasizes the importance of customer privacy and data security with vendors through our Procurement standards and practices. See Sustainable Procurement for more information.