With the rapid growth of technology in our lives, we are dedicated to safeguarding our customers’ personal information and prioritizing cybersecurity. This commitment is reflected in our governance structure; our data security policies and procedures; and our systems to measure, monitor, and respond to data breaches and cyberattacks. Our associates at Williams-Sonoma, Inc., as well as third parties who provide services on our behalf, are required by policy, practice, and contract, if applicable, to treat customer information with care. Our policies and standards are reinforced by training and engagement to ensure that the privacy and security of our customers is central.
Cybersecurity Governance and Strategy
Our data protection policy governs all relevant businesses and subsidiaries, and is designed to limit the collection of personal information. To protect the information that we do collect and to maintain the integrity of our internal systems, we use a series of technologies and practices to prevent data security breaches and to detect and respond to potential data security issues. We perform internal testing and assessments monthly and undergo third-party assessments on a quarterly basis. We also utilize external independent audits, conducted at least once a year by a QSA (Qualified Security Assessor), for PCI compliance and third-party penetration tests.
Williams-Sonoma, Inc. complies with all data protection and privacy laws. Our brands support and adhere to the guidelines and practices adopted by the Direct Marketing Association’s Privacy Promise to American Consumers. We have agreed to:
- Provide customers with notice of their ability to opt out of information rental, “sale”, or exchange with other marketers
- Honor customers’ requests not to share their contact information with other marketers
- Honor customers’ requests not to receive mail, telephone, or other solicitations from Williams-Sonoma, Inc. brands.
Consent & Notification
We do not sell or transfer customer information to third parties in exchange for money. However, we do transfer personal information to certain third parties in order to operate our business (for example, to optimize search preferences). We respect our customers’ choices when it comes to handling their information, which is why we are transparent about this process, and provide the opportunity to opt-out of this practice.
Training & Verification
WSI trains all management, associates, and contractors on its data protection policy, customer data handling, and use-requirements at least annually in order to create a compliance-minded awareness in our workforce. We require additional annual security training for all associates who have access to information systems. The Technology Security Team regularly conducts privacy risk assessments and audits, and at a minimum, annually audits external vendors who handle any customer information. As a united front, we work diligently to protect our customers’ personal information while creating a space to educate our associates and the surrounding community alike.
With the rapid growth of technology in our lives, we are dedicated to safeguarding our customers’ personal information by using a number of data security policies and procedures as routine practice at Williams-Sonoma, Inc. Our associates, as well as third parties who provide services on our behalf, are required by policy and practice, as well as by contract, if applicable, to treat customer information with care.
To protect our customers’ personal information and maintain the integrity of our internal systems, we use a series of technologies and practices to prevent data security breaches and to detect and respond to potential data security issues. We also utilize external independent audits, conducted at least once a year, for PCI compliance and third-party penetration tests.
Related Stories, Statements & Policies
- WSI Ranks on Barron’s 100 Most Sustainable U.S. Companies
- Corporate Citizenship
- Ethics & Oversight
- Code of Conduct & Ethics
Image: West Elm Work