Privacy

Upholding strong privacy principles and effective safeguards to protect personal data and maintain customer trust.

Click through to learn about our 2025 impact in action.

Our Approach

Responsibly managing customer and employee data is fundamental to how we operate. Our global privacy program and principles underpin everything we do:

Transparency: We’re open and honest about how we use your data.
Choice and Control: You control how we use your data.
Security: We use strong safeguards to keep your data confidential and secure.
Integrity: We do what we say.

We integrate privacy considerations when developing all services and capabilities and conduct annual risk assessments to continuously improve our approach. We set targets for timely responses to privacy requests and assess our performance against those targets.

A Policy-Driven Commitment

Several policies support our privacy commitments, including our Code of Business Conduct, which all AT&T employees, suppliers, contractors and other third parties that do work for AT&T must review and adhere to. Other relevant policies include AT&T security policies and standards and internal privacy guidelines. Any employee who does not comply with our policies or guidelines governing data use and collection may face discipline, up to and including termination. For more information, see our Cybersecurity issue brief.

Giving Consumers Choice and Control

Our Privacy Notice explains how we use and protect consumer information as well as the choices consumers can make about how their information is used. The notice includes an accessible chart detailing the types of information we collect from individuals, including personal and sensitive information, along with the specific purposes for collection. We also offer clear opt-in choices for our Personalized Plus program, which governs the use and sharing of certain personal data.

Information on our privacy and data use approach, as well as links to privacy choices and security tips, is available through the AT&T Privacy Center and the AT&T Mexico Comprehensive Privacy Notice, which are available on our website and the myAT&T app. Privacy policies and notices for AT&T’s apps and services are accessible in-app and on services’ websites. Through both, consumers can explore choices for opting out of certain data collection and marketing programs, such as behavioral advertising.

Our Privacy Choices consent portal helps customers make privacy choices and provide consent; we also offer a tool for opting out of email marketing. In addition, the AT&T ActiveArmor® mobile security app allows customers to view all privacy and security resources on one platform. This free app also helps block spam calls, secure personal data and create a personal block list.

We regularly update our Privacy Notice to ensure ongoing alignment with evolving regulations. The Global Approach section of our Privacy Center details our compliance with privacy laws and regulations across geographic areas outside of the U.S. The State Law Approach section details how we comply with state-specific privacy laws. We extend common elements of numerous privacy laws to our products and services globally while also accounting for locally relevant laws wherever we offer services.

Putting Controls in Place

Using robust internal governance mechanisms, we strive to ensure appropriate data-handling and downstream record integrity for our customers. Our Privacy Impact Assessment process also serves as a key control for evaluating data uses and helping ensure alignment with consent obligations and legal standards.

For more information, see the AT&T Privacy Center and our Policies page.

Safeguarding Children’s Privacy

We comply with the Children's Online Privacy Protection Act (COPPA) as well as other applicable laws governing the collection and handling of children’s data. We have processes in place to help ensure we never knowingly collect personally identifiable information from anyone under the age of 13 without first obtaining legally required parental consent.¹ In 2025, we also launched our Children’s Privacy Notice to outline any sensitive data and information we collect from children under the age of 18.

When we do collect information, we do so in accordance with legally permitted purposes or exceptions, or after obtaining legally required parental or guardian permission. Similarly, unless we have consent from a parent or legal guardian, our policies prohibit us from knowingly contacting a child under the age of 13 for marketing purposes.

In addition, we provide tools to help safeguard children online. This includes Secure Family, which enables parents to locate a family member’s device and manage screen time as well as the content that may be accessed online. In 2025, we added resources to support a child’s digital journey, including content from online safety specialists.

For more on how we protect children’s privacy, see the “Information specific to children” section of our Privacy Notice and our Children’s Privacy Notice.

Responding Rapidly

We test privacy control effectiveness in our operations to proactively identify and address potential weaknesses, yet, like all companies, we sometimes experience attempts to gain unauthorized access to customer or employee data. When such situations arise, our Incident Response team rapidly enacts a defined action plan.

The team follows a carefully designed governance structure and response process, investigating suspected breaches and evaluating potential impacts. If we determine a data breach has occurred, we notify affected consumers and authorities.

To keep our response strong, we regularly test and improve it with tabletop exercises. We also monitor and keep up to date with data privacy laws and regulations to ensure ongoing compliance.

Maintaining Transparency

Transparency is a fundamental principle of our privacy program, and we deliver honest, timely information to customers via several routes.

When we update privacy policies and notices, we notify consumers as required. Consumers can also send questions or feedback by submitting a form via our Data Request Center or writing to AT&T Chief Privacy Office, 208 S. Akard St., Room 2901, Dallas, TX 75202.

We publish a biannual Transparency Report with comprehensive information on our responses to legal demands. It includes the number and types of demands, those that were partially or completely rejected, demands for location information, exigent requests and international demands. The AT&T Global Legal Demand Center oversees demands from law enforcement.

Employee Training and Awareness

We provide mandatory privacy and security training to all employees annually and more frequently as necessary.

Our privacy training web portal features a hub, available to all employees, for privacy-related communications, news, courses and resources. It also contains materials to help business teams understand consumer consent requirements under new state privacy laws.

We host company-wide events to raise awareness of our policy requirements and expectations and to underscore the importance of privacy compliance.

Privacy Governance

Several internal bodies oversee our data privacy approach:

Board of Directors Governance and Policy Committee and Audit Committee: Receive regular updates on privacy-related topics from our Chief Privacy Officer.
Chief Privacy Office (CPO): Has management responsibility for privacy compliance programs. The CPO conducts an annual risk assessment of company operations relative to privacy-control effectiveness and maturity. For more information, see our Ethics & Integrity issue brief.
Chief Privacy Officer: Oversees the CPO, reports to AT&T’s General Counsel and is responsible for ensuring company operations adhere to AT&T privacy principles, policies, notices and commitments.
Corporate Compliance Office: Oversees periodic testing of incident response plans in partnership with stakeholders, including the AT&T Chief Security Office.
AT&T Chief Data Office: Reviews, when necessary, advanced privacy protections. Their expertise in data de-identification and other privacy topics helps AT&T set privacy-related guardrails that have a scientific and mathematical foundation.
AT&T Global Legal Demand Center: Includes a team dedicated to overseeing, reviewing and responding to law enforcement requests.
AT&T Chief Security Office: Promotes compliance with AT&T’s security policies and network and information security program in a consistent manner for all network systems and applications.

The Chief Privacy Office

The CPO oversees and implements privacy compliance programs in accordance with evolving international, federal and state legislation. It covers:

Consumer Transparency: The CPO sets requirements and provides oversight to ensure consumers can exercise their individual rights under applicable privacy laws. This oversight includes compliance with consumer privacy laws and regulations such as the General Data Protection Regulation and the California Consumer Privacy Act.
Privacy Updates: When new privacy laws are enacted, the CPO evaluates whether and how to update privacy disclosures, policies and notices, working with the business to provide related employee training as needed.
Reviews: The CPO reviews business teams’ data use cases to analyze and approve proposed collection, use, sharing and processing. The CPO also verifies the continued accuracy of our policies and notices, consulting with business units on our representations regarding data collection, use and sharing.
Collaboration: The CPO works with the business to address new and emerging issues in technology and data privacy.

Stakeholder Engagement

Open discussion with industry peers, advocacy groups, leading privacy and business organizations, government organizations and regulatory agencies is key to maintaining best-in-class consumer data protections:

Collaboration: AT&T regularly engages with The Conference Board, International Association of Privacy Professionals, and Future of Privacy Forum. We are also a member of the Data Privacy Board, which brings together privacy leaders from some of the world’s largest corporations.
Advocacy: AT&T advocates for, and participates in discussions about, federal consumer privacy legislation that unifies regulation for privacy, data security and breach notification, consistent with standards developed and enforced by the U.S. Federal Trade Commission.
Academic and Tech Partnerships: AT&T’s Chief Data Office supports academic and tech partnerships to create the next generation of data and privacy experts.

Impact in Action

Our 2025 Impact in Action

In 2025, we took steps to enhance our privacy approach, guided by our focus on transparency and trust.

Protecting Children

We continue to build upon our commitment to safeguarding children. As part of these efforts, we launched our new Children’s Privacy Notice in 2025 for AT&T children’s products and services, under which we pledge not to collect sensitive data from children under the age of 18 without parental notice. The notice demonstrates our commitment to protecting the safety and privacy of minors across our various business functions.

Streamlined Data Requests

In 2025, we updated our Data Request Center to consolidate communications from customers, making the data inquiry process more robust and streamlined for customers.