Sustainability Accounting Standards Board (SASB) Index
The Sustainability Accounting Standards Board (SASB) provides a collection of industry-specific standards to help measure and communicate performance on environmental, social and corporate governance topics.
Inclusion of information in this index should not be construed as a characterization of the materiality or financial impact of that information. Please see our corporate Annual Report or Form 10-K for the year ended December 31, 2022 and other publicly-filed documents available at https://investors.att.com/.
In July 2021, we completed a transaction with TPG Capital involving our North America video business—including DIRECTV, AT&T TV and U-verse—to form a new company called DIRECTV. In November 2021, we completed the sale of our Latin America video operations, Vrio, to Grupo Werthein. In April 2022, we completed a transaction to combine our WarnerMedia segment, subject to certain exceptions, with a subsidiary of Discovery Inc. In June 2022, we completed the sale of the programmatic advertising marketplace component of Xandr Inc. to Microsoft.
|SASB Code(s)||SASB Requested Metric(s)||AT&T Response|
Total N. America wireless customers: 239.000 million
Total voice connections: 8.143 million
|TC-TL-000.C||Broadband subscribers||Global broadband subscribers: 15.386 million Please see our Q4 2022 Earnings Statement.|
||In 2022, our advanced network carried 553.0 petabytes of traffic on an average business day. AT&T is not able to provide further breakdown of this data as requested, as it is confidential. For more information, please see our Network Quality & Reliability issue brief.|
||2022 data will be available in Q2 2023.|
|TC-TL-220a.1||Description of policies and practices relating to behavioral advertising and customer privacy||
Consumers can access information on our approach to privacy and data use, along with links to privacy choices and security tips, through the AT&T Privacy Center and AT&T Mexico Comprehensive Privacy Notice. In addition, privacy policies for AT&T’s apps and services are accessible within the apps and on the services’ websites. Through these policies, consumers can learn about their choices for opting out of certain data collection and marketing programs, such as behavioral advertising. Our approach to transparency includes:
Number of customers whose information is used for secondary purposes
||AT&T is not able to provide this data, as it is confidential.|
|TC-TL-220a.3||Total amount of monetary losses as a result of legal proceedings associated with customer privacy||AT&T is not able to provide this data, as it is confidential.|
Number of law enforcement requests for customer information:
||Like all companies, we are required by law to provide information to government and law enforcement entities, as well as parties to civil lawsuits, by complying with court orders, subpoenas, lawful discovery requests and other legal requirements. Twice a year, we issue a Transparency Report listing (1) specific data regarding the number and types of legal demands to which we responded for the prior 6 months that compelled AT&T to provide information about (a) communications or (b) our customers, as well as (2) information permitted by law to be disclosed about Foreign Intelligence Surveillance Act demands. The Transparency Report also provides information about legal demands that were partially or completely rejected, and for which no data was provided. AT&T does not currently disclose the number of individual customers whose records were requested.|
Number of data breaches:
AT&T is not able to provide information on data security breaches, as it is confidential.
While we work hard to protect and safeguard the privacy of consumer and employee information, like all companies, we occasionally confront attempts to gain unauthorized access to our customers’ or employees’ data. We have created an action plan to help us to respond swiftly to these situations:
|TC-TL-230a.2||Description of approach to identifying and addressing data security risks, including use of third-party cybersecurity standards||The AT&T Security Policy and Requirements (ASPR) serves as a guide and a reference point for conducting business in a secure environment and protecting AT&T information resources. ASPR is a comprehensive set of security control standards based, in part, on leading industry standards such as ISO/IEC 27001:2013. ASPR applies to all employees and contractors and establishes the minimum required safeguards to protect computing and networking assets, data and services. ASPR aligns with laws and standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST 800-53, as well as the European Union’s General Data Protection Regulation, the Criminal Justice Information Services Security Policy, and the California Consumer Privacy Act. AT&T maintains 2 global ISO/IEC 27001:2013 certifications. The scope of these certifications covers the AT&T global IP infrastructure and certain customer-facing managed services. We have also achieved ISO 9001:2015 certification,* which demonstrates and reinforces our belief that customer satisfaction and expectations are the most important factors in the work we do, and we undergo annual third-party audits, such as those for the Payment Card Industry Data Security Standard, the Sarbanes-Oxley Act and SSAE 18/ISAE 3402. For details on our managerial approach to security, please see our Network & Data Security issue brief. * ISO 9001 certification is applicable within specific areas of AT&T’s Network Operations, Supply Chain and Government Solutions departments.|
Materials recovered through take back programs, percentage of recovered materials that were:
Materials from take-back programs:
|TC-TL-520a.1||Total amount of monetary losses as a result of legal proceedings associated with anti-competitive behavior regulations||For fiscal year 2022, AT&T had no material losses related to litigation or to non-appealable regulatory decisions involving anti-competitive behavior.|
Average actual sustained download speed of:
||AT&T does not favor certain websites or internet applications by blocking or throttling lawful internet traffic on the basis of content, application, service, user or use of nonharmful devices on its broadband internet access services. In the provisioning of broadband internet access services, AT&T does not directly or indirectly favor some traffic over other traffic in exchange for consideration from a third party or to benefit an affiliate, except to address the needs of emergency communications, law enforcement, public safety (including FirstNet) or national security authorities, consistent with or as permitted by applicable law. For more information on our approach to network traffic management, see the AT&T Broadband Information: Network Practices webpage. For information on the expected and actual performance of our wireline and mobility network services, see the AT&T Broadband Information: Performance Characteristics webpage.|
|TC-TL-520a.3||Description of risks and opportunities associated with net neutrality, paid peering, zero rating and related practices||For information on the topics, see the AT&T Global IP Network Peering Policy and our public policy statement about net neutrality.|
|TC-TL-550a.2||Discussion of systems to provide unimpeded service during service interruptions||Our systems collect billions of service-assurance measurements across our wireline and wireless networks every hour and analyze this data in near-real time to help improve performance and deliver our best customer experience. The AT&T Business Continuity Management Program includes management disciplines, processes and techniques to support our employees and critical business operations in the event of a significant business disruption, with a focus on maintaining delivery of customer services, including during climate-related events. This program is certified to the international business continuity standard, ISO 22301:2021. It is also aligned with the Disaster Recovery Institute International Professional Practices, Business Continuity Institute Good Practice Guidelines, Federal Emergency Management Agency National Incident Management System and ISO 31000. Our alignment with these standards indicates our readiness to resume business operations and deliver customer service in the vital hours and days after a disaster. We continue to invest in our Network Disaster Recovery Program, which exists to rapidly restore communications to areas affected by disasters, and we are committed to on-the-ground testing. In the event of a disaster or other emergency, we implement procedures to quickly restore network functionality, provide critical resources to impacted employees, field customer inquiries, and return or establish service in impacted communities. For additional details on our managerial approach, please see our Network Quality & Reliability issue brief and Network Practices website.|