Digital citizenship: ethical use of data & responsible use of technology

SASB: CG-MR-230a.1
G | Last Updated: July 7, 2021

Our aspiration

Our aspiration

We seek to build and maintain the trust of customers, associates and communities with respect to our use of technology and data, in line with our values of service, excellence, integrity, and respect for the individual.

Digital Citizenship/walmart-pay.jpg
Digital Citizenship/digital-trust-commitments.jpg

Relevance to our business & society

Walmart seeks to become the most trusted retailer. As our customer proposition has evolved beyond stores and clubs to become a more digital, omni-channel offer that blends online and in-store experiences, our approach to data and technology has become central to building trust.

Today, almost every aspect of Walmart’s business relies on the use of technology and data, including business sensitive and proprietary data as well as personal data from our customers. Our customers trust us to use their data to help provide them with relevant and exciting products, services, shopping experiences and innovative ways to help them save money and live better. As governments move to regulate companies’ conduct in the digital space, Walmart believes that our commitment to ethical use of data and technology helps build customer trust in our brand and products and helps mitigate the risks of improper data and technology practices.

Walmart’s approach

While technology will continue to change how we operate, it doesn’t change our values. Walmart’s digital trust commitments provide a foundation for the company to earn and maintain customer trust in an omni-channel, data- and technology-driven world.

We put these commitments into practice through four key areas of focus:

    • Promoting fairness. Through the guidance of Walmart’s Digital Citizenship team, shaping decisions regarding new technologies, services and data use to be in alignment with Walmart’s Digital Trust Commitments.
    • Protecting privacy. Maintaining policies and controls regarding the use and sharing of customer and associate information to build trust and protect confidentiality while providing excellent customer service.   
    • Data, records and information management. Supporting data and technology uses through policies and procedures, associate training, and monitoring and assessment. 
    • Cybersecurity. Protecting our information and digital infrastructure from cyber intrusions through adherence to third-party standards, incident reporting policies and escalation practices, vulnerability testing, and continuous improvement.  

    Key strategies & progress

    Promoting fairness | Protecting privacy | Data, records & information management | Cybersecurity

    Promoting fairness

    Walmart’s Digital Citizenship team helps the company achieve our digital trust commitments as the company develops and implements new technologies, new services and new ways to capture and use data. The team includes business, compliance and legal associates with expertise in digital values, emerging technology, privacy, data, records, information management and cybersecurity. The team partners closely with Walmart’s business teams, including Operations, Marketing and Technology (for example, Data Strategy and Insights, and the Information Security teams).

    Digital Citizenship/walmart-pay-screen.jpg

    For example, the Digital Citizenship team has developed Biometric Principles to reduce bias and promote fair outcomes in the development and implementation of tools that use biometric data.

    • Design globally and deploy locally: Technology should be developed to be used in as many places as possible, recognizing the need for increased controls, or non-use, in some markets. The technology should be flexible and scalable.  
    • Design for customer usability and choice: Technology usage should be clear and accessible to our customers. We will build and deploy technology in a way that prioritizes customer and associate choice. 
    • Decrease bias and increase transparency: Technology should be designed, evaluated and tested to reduce bias, both implicit and actual. Systems should be auditable and open. The outcomes produced by the technology should be fair. 

    As Walmart expands into new service offerings, we are focused on Walmart’s digital presence as well. Our Digital Values team includes professionals who manage governance for our websites and mobile apps. We help guide decisions regarding the use of data, including sharing data with third parties and the use of data in advertising and marketing efforts. The team helps business partners understand the rapidly changing technology landscape and implications for Walmart initiatives.

    Protecting privacy

    Governance

    The Audit Committee of Walmart’s Board of Directors oversees data privacy as part of its information security and cybersecurity oversight responsibilities. Walmart’s Digital Citizenship team helps to oversee Walmart’s compliance with our privacy policies and applicable laws. Our associates and service providers are required to commit to managing personal information appropriately and in accordance with Walmart’s policies and applicable laws.

    Digital Citizenship/mobile-purchasing.jpg

    Through Walmart’s privacy policies, we aim to provide customers, associates and other stakeholders with clear, prominent and easily accessible information on how we collect, use, share and protect personal information. We regularly update our policies to cover the use of new technologies and services. Our policies explain how and why we collect personal information; how personal information is used and protected; and when and with whom information is shared.

    Examples of our privacy policies include:

    • Walmart Privacy Policy. We collect data to enhance our customers’ experience, protect the security of our business, help prevent fraud, conduct business analyses and to fulfill our legal obligations. Our privacy policy also explains how we collect, share and protect customers’ personal information. 
    • Walmart Associate Information Privacy Policy. This policy explains how we collect and use personal information from our associates and outlines the steps we take to keep it safe. We expect associates and business partners that handle associate information to take reasonable measures to maintain the confidentiality of all associate information and to do so in accordance with our policies and the law.  
    • Walmart Supplier Privacy Policy. We use reasonable security measures to protect suppliers’ personal information. These measures may include physical and technical security access controls or other safeguards, information security technologies and policies, procedures to help ensure the appropriate disposal of information, and training programs. We have a team of associates who are responsible for helping to protect the security of personal information.  

    We have a number of other privacy-related policies, please see below for full list. Walmart tracks emerging data privacy laws and implements compliance programs across the global enterprise. In recent years, Walmart and its international affiliates have created programs to comply with the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) and many other laws in countries where we operate.

    To contact Walmart about privacy inquiries or concerns, visit our Store and Corporate Feedback page and select “Company Feedback and Questions” from the menu to contact the Customer Service team or write to the Walmart Privacy Office.

    Engaging with stakeholders on privacy

    Walmart works with policymakers to enhance consumer privacy in the physical, digital, and omni-channel world. We strongly support bipartisan efforts toward a national privacy law that would protect the rights of all consumers in the U.S. and preempt a patchwork of state laws, which may be inconsistent and confusing for our customers.

    Data, records & information management

    To earn and maintain the trust of our customers, associates and business partners, Walmart focuses on effective and efficient management of our data and information assets through our global Data, Records and Information Management teams, practices and policies.

    Data policies include information regarding:

    • Global data governance: Defines and describes the role of good data governance as part of our evolving, data-driven business. 
    • Data roles and responsibilities: This policy defines the roles and responsibilities of different roles within Walmart that create and handle data, providing clarity of purpose. 
    • Data classification: This policy allows our business to accurately classify data, which is foundational to Walmart’s proper handling, securing, use and sharing of data and information. It defines which Walmart data is Highly Sensitive, Sensitive and Non-Sensitive, with guidance around required controls and restrictions for each. 
    • Data sharing: This policy helps our business understand the proper controls required when data is shared within our business as well as with external stakeholders, including giving guidance to the systems and processes required to enable sharing.
    • Data products: Our data products policy provides guidance for business units creating internal or commercial products based on Walmart data, including how to register these products, restrictions on data types that can be included and corporate approval mechanisms for any data products.  
    Digital Citizenship/financial-services.jpg

    We have mandatory trainings for our associates to understand the policies relevant for their functions and business units, and we engage business leaders to implement the policies through functional business processes, practices and tools.

    Cybersecurity

    Governance

    The Audit Committee of Walmart’s Board of Directors oversees cybersecurity and information security for the company. The Audit Committee meets with the company’s CEO, Chief Legal Officer, Chief Audit Executive and Global Chief Ethics and Compliance Officer among others on separate occasions. Walmart’s Chief Information Security Officer is responsible for cybersecurity within the company.

    Walmart associates have mandatory trainings on internal information security and cybersecurity policies. These policies include escalation processes that associates can follow should they notice something suspicious; associates are required to report known or suspected violations of the policies. Vendors are also required to manage Walmart’s information securely and to report any incidents involving violations of the policies. Severe incidents are escalated to the highest levels of Walmart’s management. Any violations may result in disciplinary action up to and including termination or legal action.

    Processes & procedures

    We annually assess our cybersecurity programs against third-party standards including NIST-CSF, PCI, HIPAA and SOX. In FY2021, external auditors reviewed our information technology infrastructure and our information security management systems.

    Internally, Walmart tests multiple aspects of cybersecurity such as incident response, business continuity and disaster recovery on a frequent basis. Our vulnerability testing program includes (1) testing in our software development life cycle, (2) penetration testing, (3) our dedicated red team and (4) vulnerability scanning. Walmart uses several methodologies, including tabletop exercises and incident response testing and vulnerability analyses that simulate attacks. At least semi-annually, we test business continuity, contingency plans and incident response procedures.

    Further, to protect our global enterprise, we developed a program based on the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity. We have established procedures for responding to data incidents around the globe, including when and how to engage with internal management, stakeholders and law enforcement.

    Challenges

    Throughout the customer journey, Walmart relies on data and technology to help us know our customers better. This yields a large amount of information that must be carefully managed, but it also offers us an opportunity to more strategically leverage our unique data sets to become an even more trusted retail technology company.

    • There are inconsistent and sometimes competing laws and regulations, particularly regarding consumer privacy; laws and regulations are constantly emerging and developing. 
    • The size of Walmart's business, our geographic reach, the number of consumer transactions we make, and the nature of information we collect to operate our business make us a target for bad actors. Walmart's systems, information and infrastructure are regularly threatened by cyber threats and cyber-attacks, as discussed in more detail in Walmart's most recent annual report on Form 10-K. 
    • The success of Walmart's digital citizenship and cybersecurity programs depends on the performance of a variety of third-party service providers.

    Additional resources