Delta is committed to providing safe and clean transport for customers and a safe workplace for employees.
At Delta, we realize the opportunity to leverage our brand’s trust to drive good vendor practices, touching every aspect of our business.
Delta’s mission to connect the world includes our commitment to being a strong partner to the communities where our employees live, work and serve
Delta has remained steadfast in our commitment to address climate change
Appendix
Our people are our strongest competitive advantage, and the high-quality service they provide sets us apart.
Delta has implemented a robust governance framework over ESG matters at the board and management levels.
Travel Can Change the World. For Good.
GOVERNANCE
04
Information Security
The goal of our data protection and privacy practices is to collect and process only the personal data that is necessary. Delta has established physical, electronic and managerial safeguards to protect this information.
These safeguards are regularly reviewed to protect against unauthorized access, disclosure and improper use of customer information and to maintain the accuracy and integrity of that data. In the event of policy changes or a data breach, we aim to communicate with customers in a timely manner and assist those who may have been impacted by an incident in addition to deploying our cybersecurity corporate business continuity plan, which is tested regularly to ensure its effectiveness.
At the Board level, the Audit Committee reviews cybersecurity risks and the security and operations of our information technology systems. All U.S. air carriers are subject to laws regarding the privacy of customer and employee data that vary between the countries in which we operate. We continue to update our processes to adhere to domestic and international privacy and data protection laws and regulations.
In an effort to maintain strict data security, Delta follows the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which emphasizes identification, protection, detection, response and recovery. All Delta employees are expected to adhere to information security and privacy policies as they handle corporate and customer information in their daily jobs.
Delta regularly assesses its information security program capabilities and tools to improve reliability, enhance capabilities and scan our environment for vulnerabilities and weaknesses.
Our Information Security team is trained to remediate vulnerabilities identified within established timeframes and report to management on a weekly basis regarding the security risk posture of our information technology assets. Enterprise-wide training is a key component to reducing risk and promoting a secure brand that is serious about protecting customers, employees and company information. All employees and contractors with access to Delta’s information are required to complete annual training, which is updated as new technology, security and privacy issues emerge.
Our Information Security Awareness program includes an expert speaker series along with awareness and engagement events. The team also participates in National Cybersecurity Awareness Month in October and Data Privacy Day in January.
Awareness campaigns throughout the year focus on hot topics such as phishing, anti-tampering, data classification, password protection and ensuring a secure workspace. We have established a dedicated Information Technology (IT) Risk team tasked with the goal of ensuring that risk remediation activities are carried out consistently and that risk remediation controls are operating as intended and within established thresholds.
