about carter’s
Protecting Customer and Employee Data and Privacy
Protecting Customer and Employee Data and Privacy
Data Protection
Customers and employees entrust us with their data, and we are committed to securing their personal information. We have established physical, electronic, and contractual safeguards to protect the security of customer and employee personal information. Our approach follows the National Institute of Standards and Technology (NIST) and Capability Maturity Model Integration (CMMI) security frameworks.
In 2022, our key initiatives included:
- Creating new Security Operations Center and Security Information & Event Management systems for better security monitoring.
- Implementing a Software-Defined Wide Area Network and Next Generation Firewall, which enable further network segmentation.
- Rolling out Single Sign-On and Multi-Factor Authentication to all of our on-premises applications as part of a continuing Identity Access Management update.
- Imposing an additional layer of email security, which isolates all emails outside of the Carter’s network and scans them for potential threats.
Privacy Protection
As we strive to improve the shopping experiences of our consumers, we also seek to ensure their privacy. We regularly review and update our privacy policy to ensure consumers have access to relevant information about their rights and how we handle their personal information. We maintain high standards in this area and provide a quality experience by:
- Allowing consumers to control aspects of how we use their personal information.
- Conducting Privacy Impact Assessments that allow us to manage use of personal information by new vendors.
- Defining and updating data protection standards used in our contracts in order to clearly define relationships with, and obligations of, service providers who have access to our customers’ personal information.