Skip to main content
Navigation
Navigation
Print

Sustainability Accounting Standards Board (SASB) Index

The Sustainability Accounting Standards Board (SASB) provides a collection of industry-specific standards to help measure and communicate performance on environmental, social and corporate governance topics.

Inclusion of information in this index should not be construed as a characterization of the materiality or financial impact of that information. Please see our corporate Annual Report or Form 10-K for the year ended December 31, 2022 and other publicly-filed documents available at https://investors.att.com/.

In July 2021, we completed a transaction with TPG Capital involving our North America video business—including DIRECTV, AT&T TV and U-verse—to form a new company called DIRECTV. In November 2021, we completed the sale of our Latin America video operations, Vrio, to Grupo Werthein. In April 2022, we completed a transaction to combine our WarnerMedia segment, subject to certain exceptions, with a subsidiary of Discovery Inc. In June 2022, we completed the sale of the programmatic advertising marketplace component of Xandr Inc. to Microsoft.

Telecommunication Services

SASB Code(s) SASB Requested Metric(s) AT&T Response
TC-TL-000.A Wireless subscribers Total N. America wireless customers: 239.000 million
  • U.S.: 217.397 million
  • Mexico: 21.603 million
Please see our Q4 2022 Earnings Statement.
TC-TL-000.B Wireline subscribers Total voice connections: 8.143 million
  • Network access lines: 5.213 million
  • U-verse Voice over Internet Protocol connections: 2.930 million
Please see our Q4 2022 Earnings Statement.
TC-TL-000.C Broadband subscribers Global broadband subscribers: 15.386 million Please see our Q4 2022 Earnings Statement.
TC-TL-000.D Network traffic:
  • Percentage on cellular network
  • Percentage on fixed network
 In 2022, our advanced network carried 553.0 petabytes of traffic on an average business day. AT&T is not able to provide further breakdown of this data as requested, as it is confidential. For more information, please see our Network Quality & Reliability issue brief.
TC-TL-130a.1
  • Total energy consumed (Gigajoules):
  • Percentage grid electricity
  • Percentage renewable energy
  • Data center Power Usage Effectiveness
 2022 data will be available in Q2 2023.
TC-TL-220a.1 Description of policies and practices relating to behavioral advertising and customer privacy Our Privacy Policy explains how we use customer information and keep it safe. It also outlines the choices customers can make at any time about how their information is used. Consumers can access information on our approach to privacy and data use, along with links to privacy choices and security tips, through the AT&T Privacy Center and AT&T Mexico Comprehensive Privacy Notice. In addition, privacy policies for AT&T’s apps and services are accessible within the apps and on the services’ websites. Through these policies, consumers can learn about their choices for opting out of certain data collection and marketing programs, such as behavioral advertising. Our approach to transparency includes:
  • Policy Updates & Questions: When we update our privacy policies, we appropriately notify our consumers to provide them with resources to understand the changes made and explain the changes on notices available on our Privacy Center website. Consumers can also send questions or feedback on our privacy policies, either by emailing privacypolicy@att.com or writing us at AT&T Privacy Policy, Chief Privacy Office, 208 S. Akard St., Room 2100, Dallas, TX 75202.
  • Transparency Report: AT&T publishes a biannual Transparency Report in which we provide comprehensive information about legal demands to which we responded. It includes the number and types of demands, those that were partially or completely rejected, demands for location information, exigent requests, and international demands. Our commitment to the law and our privacy principles are reflected in our comprehensive, voluntary reporting of this information to the public.
  • Consumer Resources: We strive to help consumers learn how to maintain privacy, safety and security in an increasingly connected world. To further equip consumers with the tools to control their privacy choices, in 2022 we launched a new portal to make it easier for consumers to opt out of email marketing. We also featured the AT&T ActiveArmor mobile security app on our Privacy Center to help customers view all their privacy and security resources on one platform. This free app helps consumers customize their robocall protection, manage nuisance calls and create a personal blocklist. For more information, please visit our Network & Data Security issue brief.
In 2022, we expanded the privacy choices offered to customers and updated our Privacy Policy to align with several new state privacy laws. Specifically, we extended the ability to access or delete personal information or request that we not sell data. These options are available to all U.S. consumers, not solely in states where offering these privacy choices is required. In addition, we began offering all U.S. consumers the ability to submit a correction request, appeal a privacy decision we made in response to privacy requests and transfer their data by requesting an access report in a portable format. We also launched a new course for employees to educate them about the updated privacy choices available to customers and courses on multiple domestic privacy laws. For more information on AT&T’s data protection and security practices, please see our Privacy issue brief.
TC-TL-220a.2 Number of customers whose information is used for secondary purposes
  • Percentage who have opted in
 AT&T is not able to provide this data, as it is confidential.
TC-TL-220a.3 Total amount of monetary losses as a result of legal proceedings associated with customer privacy AT&T is not able to provide this data, as it is confidential.
TC-TL-220a.4 Number of law enforcement requests for customer information:
  • Number of customers whose information was requested
  • Percentage resulting in disclosure
 Like all companies, we are required by law to provide information to government and law enforcement entities, as well as parties to civil lawsuits, by complying with court orders, subpoenas, lawful discovery requests and other legal requirements. Twice a year, we issue a Transparency Report listing (1) specific data regarding the number and types of legal demands to which we responded for the prior 6 months that compelled AT&T to provide information about (a) communications or (b) our customers, as well as (2) information permitted by law to be disclosed about Foreign Intelligence Surveillance Act demands. The Transparency Report also provides information about legal demands that were partially or completely rejected, and for which no data was provided. AT&T does not currently disclose the number of individual customers whose records were requested.
TC-TL-230a.1 Number of data breaches:
  • Percentage involving customers’ personally identifiable information
  • Number of customers affected
 AT&T is not able to provide information on data security breaches, as it is confidential. While we work hard to protect and safeguard the privacy of consumer and employee information, like all companies, we occasionally confront attempts to gain unauthorized access to our customers’ or employees’ data. We have created an action plan to help us to respond swiftly to these situations:
  • Oversight: Our Corporate Compliance Office oversees periodic testing of our incident response plans in partnership with stakeholders such as the AT&T Chief Security Office.
  • Action: The AT&T Incident Response team follows a carefully designed governance structure and response process, investigating suspected breaches and evaluating their potential impact. If we determine that a data breach has occurred, we notify affected consumers and authorities as required by applicable law. We test the incident response process through tabletop exercises to identify improvements, and we work to remain informed about current laws and regulations impacting data privacy so our response process remains compliant.
For more information on our data protection and security practices, please see the AT&T Privacy Center website and our Privacy or Network & Data Security issue briefs.
TC-TL-230a.2 Description of approach to identifying and addressing data security risks, including use of third-party cybersecurity standards The AT&T Security Policy and Requirements (ASPR) serves as a guide and a reference point for conducting business in a secure environment and protecting AT&T information resources. ASPR is a comprehensive set of security control standards based, in part, on leading industry standards such as ISO/IEC 27001:2013. ASPR applies to all employees and contractors and establishes the minimum required safeguards to protect computing and networking assets, data and services. ASPR aligns with laws and standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST 800-53, as well as the European Union’s General Data Protection Regulation, the Criminal Justice Information Services Security Policy, and the California Consumer Privacy Act. AT&T maintains 2 global ISO/IEC 27001:2013 certifications. The scope of these certifications covers the AT&T global IP infrastructure and certain customer-facing managed services. We have also achieved ISO 9001:2015 certification,* which demonstrates and reinforces our belief that customer satisfaction and expectations are the most important factors in the work we do, and we undergo annual third-party audits, such as those for the Payment Card Industry Data Security Standard, the Sarbanes-Oxley Act and SSAE 18/ISAE 3402. For details on our managerial approach to security, please see our Network & Data Security issue brief. * ISO 9001 certification is applicable within specific areas of AT&T’s Network Operations, Supply Chain and Government Solutions departments.
TC-TL-440a.1 Materials recovered through take back programs, percentage of recovered materials that were:
  • Reused
  • Recycled
  • Landfilled
 Materials from take-back programs:
  • Reused or sold: 89% (estimated)*
  • Recycled: 11% (estimated)*
  • Landfilled: 0% (estimated)*
We require that all U.S. device recycling and salvage vendors maintain an R2 certification. R2 is a comprehensive global certification awarded to facilities that adhere to the R2 responsible electronics recycling standards, which cover areas such as worker health and safety, environmental protection, chain-of-custody reporting and data security. AT&T collaborates with peers though the Global System for Mobile Communications Association, which has working groups focused on consumer device and network equipment recycling. In 2022, we also engaged with Cellular Telecommunications & Internet Association working groups to refine the industry standard for used mobile device grading. The goal of this initiative is to scale device reuse through common tools, technology and terminology, ultimately supporting consumer confidence in used and refurbished devices. For more information, please visit our Product Life Cycle and Waste Management issue briefs. * Data inclusive of AT&T’s U.S. operations. Final values will be available in Q2 2023.
TC-TL-520a.1 Total amount of monetary losses as a result of legal proceedings associated with anti-competitive behavior regulations For fiscal year 2022, AT&T had no material losses related to litigation or to non-appealable regulatory decisions involving anti-competitive behavior.
TC-TL-520a.2 Average actual sustained download speed of:
  • Owned and commercially associated content
  • Non-associated content
 AT&T does not favor certain websites or internet applications by blocking or throttling lawful internet traffic on the basis of content, application, service, user or use of nonharmful devices on its broadband internet access services. In the provisioning of broadband internet access services, AT&T does not directly or indirectly favor some traffic over other traffic in exchange for consideration from a third party or to benefit an affiliate, except to address the needs of emergency communications, law enforcement, public safety (including FirstNet) or national security authorities, consistent with or as permitted by applicable law. For more information on our approach to network traffic management, see the AT&T Broadband Information: Network Practices webpage. For information on the expected and actual performance of our wireline and mobility network services, see the AT&T Broadband Information: Performance Characteristics webpage.
TC-TL-520a.3 Description of risks and opportunities associated with net neutrality, paid peering, zero rating and related practices For information on the topics, see the AT&T Global IP Network Peering Policy and our public policy statement about net neutrality.
TC-TL-550a.1
  • System average interruption frequency
  • Customer average interruption duration
  • System average interruption frequency: 0.000521984
  • Customer average interruption duration: 0.044249477
Methodology:
  • System average interruption frequency = total unplanned interruptions/total customer ports
  • Customer average interruption duration = total unplanned interruption duration (minutes)/total customer ports
TC-TL-550a.2 Discussion of systems to provide unimpeded service during service interruptions Our systems collect billions of service-assurance measurements across our wireline and wireless networks every hour and analyze this data in near-real time to help improve performance and deliver our best customer experience. The AT&T Business Continuity Management Program includes management disciplines, processes and techniques to support our employees and critical business operations in the event of a significant business disruption, with a focus on maintaining delivery of customer services, including during climate-related events. This program is certified to the international business continuity standard, ISO 22301:2021. It is also aligned with the Disaster Recovery Institute International Professional Practices, Business Continuity Institute Good Practice Guidelines, Federal Emergency Management Agency National Incident Management System and ISO 31000. Our alignment with these standards indicates our readiness to resume business operations and deliver customer service in the vital hours and days after a disaster. We continue to invest in our Network Disaster Recovery Program, which exists to rapidly restore communications to areas affected by disasters, and we are committed to on-the-ground testing. In the event of a disaster or other emergency, we implement procedures to quickly restore network functionality, provide critical resources to impacted employees, field customer inquiries, and return or establish service in impacted communities. For additional details on our managerial approach, please see our Network Quality & Reliability issue brief and Network Practices website.