ESG Topics A-Z
Data Privacy
Why it matters
To PepsiCo:
Stringent data collection, storage, and management practices are vital to our business, as they help to build and preserve trust in our brands. PepsiCo's Privacy Principles, which guide our data practices, are a foundational part of our Global Code of Conduct, to which all employees are bound.
To the World:
With technology advances and widespread data availability, it has become harder for people to keep information private. They must rely on organizations that collect and use their personal information to help them maintain their privacy.
Approach
In the course of doing business, PepsiCo may collect personal data for a variety of reasons, such as gathering consumer information as part of a marketing promotion; job application information in the course of our HR processes; or consumer data collected via engagement with our websites, social media accounts, mobile device applications, etc. Privacy considerations address how this personal data is collected, used, stored, archived, and destroyed.
PepsiCo’s Global Compliance & Ethics Department (GC&E), led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring, and enforcing compliance and ethics at PepsiCo, including our privacy practices. PepsiCo has dedicated professionals across each of the Sectors in which it operates committed to managing personal data in keeping with these practices.
PepsiCo’s Privacy Principles establish the framework that PepsiCo follows with regard to our personal data collection and use practices. Under this framework, PepsiCo commits to the following:
- Lawfully and fairly collecting personal data that is relevant for the business purposes for which it will be used;
- Using personal data consistent with PepsiCo’s representations to individuals and to support business needs and legal requirements;
- Maintaining reasonable safeguards to protect personal data from unauthorized access, use, modification, disclosure, or destruction; and
- Monitoring compliance to provide transparency and demonstrate accountability.
Our Privacy Principles are incorporated within PepsiCo’s Global Code of Conduct, to which all employees are bound, and for which annual training is required. PepsiCo maintains privacy policies providing customers, employees and other third parties, with clear information about PepsiCo privacy practices. Examples of our privacy policies include:
- PepsiCo’s U.S. Privacy Policy
- PepsiCo’s Global Privacy Notice for Employees
- CCPA Privacy Notice for Employees
We also maintain several other policies and standards relevant to managing PepsiCo’s data and information resources. Examples of such policies include:
- PepsiCo’s Global Information Security Policy & Standards
- PepsiCo’s Global Acceptable Use Policy
- PepsiCo’s U.S. Records Management Policy
- PepsiCo’s Data Classification
- Global Information Security Requirements (applicable to Third Party Service Providers)
What's Next?
PepsiCo strives to comply with applicable privacy laws in the countries where we conduct business, including laws regarding the cross-border transfer of certain personal information. Our U.S. Privacy Policy discloses data collection and use policies as well as disclosures required by the California “Shine the Light” Law and California Consumer Privacy Act. Our European Privacy and Cookies Policy discloses data collection policies as well as our use of cookies within the European Union. Privacy Policies related to other jurisdictions can be found on the related global site.
We are mindful that the privacy legal landscape is rapidly evolving throughout the world. As such, each jurisdiction will prioritize compliance with applicable law, and we consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments.
Related Topics
Last Updated
June 3, 2022