Data Security and Privacy

Data security and individual privacy have become growing concerns for businesses and society, particularly with the rise of cyber attacks and data breaches.

Individuals rightly expect companies to responsibly handle personal data, including personally identifiable information, payment details, device information and browsing history. Mohawk recognizes the importance of safeguarding this information and only uses collected data for legitimate business purposes, such as identity verification, promotional materials and enhancing our websites and products.

Our Privacy Policy outlines our data collection practices for our corporate operations and U.S.-based businesses, while our entities outside the U.S. have procedures aligned with local regulations and jurisdictional requirements. We respect users’ rights under applicable data protection laws in each country, state and province where we operate.

We prioritize the protection of personally identifiable information on Mohawk websites by respecting applicable laws and employing organizational, technical, administrative and physical security measures. A dedicated team, led by our Chief Information Officer (CIO), implements information security controls based on the nature of the data involved. To assess our performance, we completed an enterprise-wide, third-party audit of our information security compliance with the Center for Internet Security Controls. Additionally, an external firm audited our North American businesses for compliance with the Payment Card Industry Data Security Standard. We continue to review and update our information security procedures regularly to maintain their effectiveness, and our CIO reports on information security to our Board on at least a quarterly basis.

Regular cybersecurity training for our employees is a key aspect of our information security strategy. New employees undergo mandatory online cybersecurity training upon joining the Company, and we provide annual training to all employees, covering topics such as secure access practices, phishing schemes, remote work and responding to suspicious activities. To complement online training, employees are educated through additional methods, including event-triggered awareness campaigns, recognition programs, security presentations, intranet articles, videos, system-generated communications, email publications and various simulation exercises. While we work diligently to minimize the likelihood of security issues based on the sensitivity of the data, no company can guarantee the absolute security of personal information. However, we are pleased to report that in 2023, we experienced no material data breaches for the fifth consecutive year.