Responsible Use of Data and Technology
SASB: CG-MR-230a.1, CG-EC-220a.2
GRI: 3-3
G
Published: May 22, 2024
At a Glance
- Walmart’s Digital Trust Commitments provide a foundation for the company to earn and maintain customer trust in an omni-channel, data- and technology-driven world.
- Our cybersecurity programs work 24/7/365 to protect our data and infrastructure and our customers’ data.
- We pledge to use artificial intelligence (AI) transparently and responsibly, and always in line with Walmart’s values.
We seek to build and maintain the trust of customers, associates, suppliers, communities, and other stakeholders with respect to our use of technology and data, in line with our values of service, excellence, integrity, and respect for the individual.
Walmart’s customer proposition blends in-store and online experiences, creating a true omni-channel offering where we build trust through our values-based approach to data and technology. As a people-led, tech-powered omni-channel retailer, we use technology and data throughout our business to help delight customers and enable our associates’ work. Our commitment to responsible use of data and technology helps foster trust, because we implement measures to safeguard personal data and secure the systems that keep our business running.
While technology will continue to change how we operate, it does not change our values. Walmart’s Digital Trust Commitments provide a foundation for the company to earn and maintain customer trust in an omni-channel, data- and technology-driven world.
Walmart’s Digital Trust Commitments
Service
Our use of technology and data will be in service of people.
Excellence
We strive for excellence in our technology, making it simple, convenient and secure.
Integrity
We will use data responsibly and transparently and always with integrity.
Respect
Our data practices and technology will treat people fairly, with dignity and respect.
We put these commitments into practice through four areas of focus:
- Governance: Empowering appropriate oversight of our data and technology through accountable management.
- Promoting digital trust: Shaping decisions regarding new technologies, services, and data use to align with our Digital Trust Commitments.
- Protecting privacy: Safeguarding the use of customer and associate information to protect confidentiality and maintain trust.
- Cybersecurity: Protecting our information and digital infrastructure.
Governance
Walmart’s Board of Directors has delegated risk management oversight responsibility for information systems, information security, data privacy, and cybersecurity to our Audit Committee. For further discussion of the Audit Committee’s oversight of digital trust and cybersecurity, see Walmart’s 2024 annual report on Form 10-K.
Led by our Chief Counsel, Digital Citizenship (who reports to the Chief Legal Officer), Walmart’s Digital Citizenship team helps Walmart live up to our Digital Trust Commitments as we develop and implement emerging technologies, new services, and innovative ways to serve our customers. This team also tracks relevant laws and regulations and oversees Walmart’s privacy policies and notices. The team includes compliance and legal associates with expertise in digital values, emerging technology, cybersecurity, data privacy and governance, ethical AI and biometrics, and information management.
Our Chief Information Security Officer (who reports to the Chief Technology Officer) leads Walmart’s Information Security organization and has responsibility for overseeing Walmart’s cybersecurity program, which is supported by dedicated teams of cybersecurity personnel and professionals that help to assess, identify, monitor, detect and manage cybersecurity risks, threats, vulnerabilities and incidents.
In order to promote good practice, these teams provide recurring information security and data privacy training to our associates and certain third parties based on access, risk, roles, policies, standards, and behaviors. In FY2024, for example, approximately 1.4 million U.S. associates completed training covering information security and digital citizenship.
Digital Trust
We work to improve the customer and associate experience through our Digital Trust Commitments. We aspire to:
- Design globally and deploy locally: Models should be developed to be usable in as many places as possible, recognizing the need for increased controls, or non-use, in some markets. The technology should be flexible and scalable.
- Design for customer usability and choice: Technology usage should be clear and accessible to our customers. We aim to build and deploy technology in a way that emphasizes customer and associate choice.
- Decrease bias and increase transparency: Models should be designed, evaluated, and tested to reduce bias, both implicit and actual. Systems should be auditable and open. The outcomes produced by the technology should be fair.
For example, the Digital Citizenship team has developed frameworks to evaluate AI and machine learning models in order to mitigate bias and promote fair outcomes in the development and implementation of these tools at Walmart.
We also endeavor to shape the field with respect to digital trust, including by:
- Partnering with leading employers and institutions as a member of the not-for-profit Data & Trust Alliance, which released in November 2023 a set of proposed data governance standards intended to help companies understand datasets and their boundaries in a commonly-accepted format.
- Participating in the World Economic Forum’s Digital Trust Initiative Steering Committee and Working Group and contributing to WEF’s 2024 white paper on digital trust and individual agency.
Responsible Artificial Intelligence
We are finding ways to embed AI across our business, from how we improve experiences for our customers, members, and associates to how we get inventory through our supply chain and beyond.
- We launched a number of AI-powered customer solutions, including an AI-powered inventory management system for supplying customers with what they need, when they need it, and a GenAI search feature on iOS that will allow customers to search for products by use case instead of by product or brand names.
- We are also empowering our associates through GenAI. Walmart launched My Assistant, a GenAI-powered feature intended to help increase productivity and unlock transformation for campus associates.
As the pace of innovation increases and more sophisticated AI tools are integrated into our business, it’s important those we serve feel confident and comfortable with the ways we use technology. Walmart has adopted policies that guide our company in the design, implementation, and security of AI solutions, machine learning, and automated decisioning systems. And as we invest in this new technology, we hope to pave the way for the responsible adoption of AI in retail.
In October 2023, Walmart introduced our Responsible AI Pledge, which outlines our voluntary commitments to using AI responsibly for the benefit of our customers, members, and associates.
Walmart’s Responsible AI Pledge
Transparency
We commit to helping customers, members and associates understand how data and technology, including AI, are being used by our company and what our goals are as we use it.
Security
We will use advanced security measures to protect your data. We commit to continuously reviewing security practices aimed at mitigating current and emerging threats.
Privacy
We commit to evaluating AI systems so that the sensitive or confidential information we store is used in ways that protect privacy.
Fairness
We will evaluate AI tools for bias that have the potential to affect the lives of our customers, members and associates. We seek to mitigate bias and commit to regular evaluations.
Accountability
We will use AI managed by people. We commit to holding ourselves accountable for its impact.
Customer-centricity
We will measure customer satisfaction with AI interactions and listen to feedback. We commit to continual reviews of our AI tools to ensure the technology is accurate, relevant and helping those we serve live better.
Privacy
Privacy by Design
We aim to earn our customers’ and stakeholders’ trust by considering their privacy at every stage, beginning with design. Walmart’s Global Privacy by Design Policy requires associates to build privacy controls into the initial design, ongoing operations, and management of a given technology solution, business process, or project.
Communicating Privacy Information
Our privacy notices provide stakeholders with comprehensive information about the collection, use, protection, and sharing of personal information. In addition to our Walmart Privacy Notice, we maintain other U.S.-focused privacy notices relevant to our associates and suppliers, and those that cover our specialized operations including Health & Wellness and Financial Services. We also maintain jurisdiction-specific privacy notices in our international markets.
Walmart teams track privacy laws in the United States and other countries where we operate, assess their applicability and impact, and update our processes, practices, and notices as needed to address them. Read more on our Privacy and Security page.
In addition, Digital Citizenship maintains and implements Walmart’s global data incident response policies and procedures for reporting and addressing actual or suspected data incidents as appropriate. The policies are supported by data incident notification and regulatory reporting guidelines and standards.
Engaging with Stakeholders on Privacy
Walmart endeavors to shape the field with respect to digital trust, and we support policy that enhances consumer privacy in the physical, digital, and omni-channel world, including support of a national privacy law.
Read more: Responsible Engagement in Public Policy
Cybersecurity
As part of protecting Walmart’s customers, members, associates, and business partners, our cybersecurity operations run 24/7/365. Walmart’s approach to cybersecurity, including governance, risk management, and incident response are discussed in Walmart’s annual report on Form 10-K.
Our cybersecurity program is grounded by a suite of policies and standards that cover topics including roles and responsibilities; security requirements; security awareness and training; and escalation processes that associates can follow should they notice something suspicious. Associates are required to report known or suspected violations of the policies and policy violations may result in disciplinary action up to and including termination.
We maintain a security-aware culture through methods including data-informed and easily accessible learning modules, phishing exercises, gamified security awareness, tech talks, and awareness campaigns.
Gamification Cybersecurity Training
Virtual Escape Rooms
Our escape rooms use creative methods to integrate cybersecurity concepts with everyday situations.
During these immersive virtual experiences, associates must find their way through various threats and avoid security violations to “escape the room.” We have multiple versions focusing on real-life cyber threat tactics.
"Born Secure" Escape Room
The “Born Secure” Escape Room focuses on
- Physical Security
- Social Engineering
- Phishing
- Security Habits
- Passwords vs Passphrases
- Real World Threats
- Incident Response
Helping Customers Stay Safe in the Digital World
As our digital world expands, Walmart shares knowledge with our customers to build trust and help keep them secure online.
- We publish a customer-facing Cybersecurity Hygiene page that describes steps that customers can take to keep their private information safe and reduce cybersecurity risk.
- Walmart provides customers and the public with information about common digital scams and fraud situations, and particularly those involving the unauthorized use of Walmart’s name or brand.
Advancing the Cybersecurity Field
Walmart is committed to sharing its expertise to strengthen the information security community and help develop the next generation of cyber professionals. We have made significant contributions to various open-source information security projects and malware information-sharing forums, and we have built strong partnerships to share intelligence about cybersecurity risk across retail and other business verticals.
We also seek to grow and support the talent pool in the cybersecurity industry through participation in and sponsorship of programs including BEYA STEM Conference, Women of Color (WoC) STEM Conference, and Women in Cyber Security (WiCyS), in addition to the National College Cyber Defense Competition (NCCDC) and RSA Security Scholars program, which helps develop the next generation of cybersecurity experts.
- The size of Walmart's business, our geographic reach, the number of consumer transactions we make, and the nature of the information we collect to operate our business make us a target for threat actors. This is discussed in more detail in Walmart's most recent annual report on Form 10-K.
- Walmart is subject to a broad scope of industry data protection standards and protocols. Walmart also has compliance obligations associated with new and changing privacy laws and regulations, which sometimes include obligations inconsistent with other jurisdictions.
- Fast-evolving technology, such as AI, poses challenges in terms of development, flexibility, and scalability. These technologies change rapidly, and we must continually assess their relevance to our business, risks, and alignment with our digital values.