GoDaddy 2021 Sustainability Report: Data Privacy and Security

Jul 5, 2022 11:00 AM ET

Originally published on GoDaddy For Good

We believe that making your own way online shouldn’t come at the cost of privacy or security.

As an internet company, data protection, security and privacy are at the core of everything we do. We work tirelessly to provide continuous privacy and to develop security improvements that benefit our customers. We work to take proactive measures to be transparent with users, protect their data and keep up with an evolving regulatory landscape.

Our cross-functional, risk-based approach to both user privacy and web security keeps our privacy and security controls and practices relevant to our business and customers.

Here’s a snapshot of what that looks like:

  • The Audit and Finance Committee assists the Board in its oversight of privacy and cybersecurity risk by keeping the Board apprised of our data privacy and security programs, strategies, policies, standards and processes.
     
  • The Chief Information Security Officer (CISO) oversees GoDaddy’s Information Security organization, which includes security risk and assessment responsibilities, threat intelligence, incident response functions, and product, enterprise and customer security. The CISO meets with the Audit and Finance Committee quarterly and provides updates to the full Board at least annually. These updates include reviewing our data privacy and cybersecurity programs and risks, and discussing priorities, mitigation strategies, staffing and resources.
     
  • Our Data Protection Office, which is run by our Privacy Officer, manages GoDaddy’s Global Privacy program, which is verified each year through a third-party audit. All our customers have access to core privacy tools and we do not sell customer information to third parties. Our Privacy Officer reviews our program with the Audit and Finance Committee from time to time to maintain focus on privacy at the highest levels.
     
  • Our Trust Center: We know our customers need a trusted partner to help navigate the complicated world of privacy and security. GoDaddy’s Trust Center site houses all data protection, security and privacy resources in one easy location for our customers, giving them the resources needed to ensure their information — and their customers’ information — is safe and compliant.

Data security

Hackers. Malware. Social engineering. Phishing. There are many ways data can end up in the wrong hands. We work every day to protect against all of them. GoDaddy maintains a broad range of policies and procedures, training programs and company-wide systems designed to secure data, avoid breaches and respond to new threats. These efforts span several focus areas:

  • Proactive monitoring: We continuously check for vulnerabilities. To proactively prepare for new and emerging threats, we research and monitor industry threats that could impact GoDaddy and our customers.
     
  • Training and internal communications: All GoDaddy employees receive annual customer privacy and security training to preserve our high standards. We also send regular and timely alerts to employees to keep them up to date on the latest security and privacy initiatives and activities at GoDaddy, as well as industry best practices.
     
  • Intentional development: Teams within GoDaddy’s information security organization partner with product development teams to make security a core consideration when building new products and services.
     
  • Security frameworks: We align with best practices by adhering to leading security frameworks, such as the National Institute of Standards and Technology (NIST) cybersecurity framework, PCI DSS and WebTrust.

Security practice improvements

The NIST Cybersecurity Framework consists of five functions: identify, protect, detect, respond and recover. When used together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

In 2021, we focused on the identity and recover functions of the NIST framework. PwC’s assessment of our progress showed that our capabilities in those areas are now above industry standards. We also achieved ISO 27001:2013 certification for our domains registrar platform and DNS services.

Additionally, all security policies underwent an uplift in 2021, including a further formalization of our data security policies.

Data Privacy

Our business is built on helping customers make a name for themselves online — not sellingmtheir data to other companies, ever. Our Privacy Policy details our approach to protecting the personal data we collect, use, store and share. We care about the privacy of our customers and employees from around the world, which is why we apply a globally consistent approach to privacy and adhere to stringent privacy requirements, regardless of the location of our customers and employees.

In 2021, we refreshed our annual TRUSTe LLC independent General Data Protection Regulation (GDPR) privacy program management validation, covering the GoDaddy family of brands and recent acquisitions, and added a new feature in customers’ account settings that allows them to more easily exercise their rights regarding behavioral advertising.

Additionally, in 2021, we also addressed the requirement under General Data Protection Regulation (GDPR) to conduct data transfer risk assessments and refreshed our data processing addendums to incorporate the new standard contractual clauses for EU data transfers. We remain committed to staying on top of evolving international regulations — including, for example, the introduction of new privacy laws now in effect in China.

Our continued focus on “privacy by design” helps ensure that privacy principles are considered during process design and throughout our entire engineering lifecycle. With this approach in mind, we constantly assess how data protection can be achieved by improving processes and creating additional employee training sessions, which was delivered across the enterprise in 2022.

Content Safety

We aim to help create platforms that benefit society.

At GoDaddy, we believe that diversity of ideas and freedom of expression are fundamental to healthy societies and economies, but we also recognize that digital organizations have a responsibility to properly respond to harmful content.

Our content safety philosophy is outlined in our Trust Center, with specific policies identified in our Universal Terms of Service (UTOS). Examples of harmful content that violates our policies and UTOS include promoting, encouraging or engaging in violence or for any illegal activity, such as
the exploitation of children, the promotion of terrorism, the sale of prescription medicine without a valid prescription and fraudulent activity. This is not an exhaustive list and we periodically review our UTOS and policies.

When our dedicated Content Safety team receives a complaint, they review it carefully to determine whether there is a violation of GoDaddy’s policies and/or UTOS and, if so, the appropriate action to take in response, which may include suspension, termination or closing the matter, among other things. Last year, our dedicated Content Safety team received over 18,000 content complaints.

Policy updates

In 2021, we formally expanded our policy regarding content that encourages “violence against people” to include content promoting self-harm or suicide. We also prohibited non- consensual sharing of sexually explicit materials (NSEM). This includes a required declaration on the part of the complaining party.


Photo: Creighton Elinski — HINTERLANDSKIS.COM 

Learn more about GoDaddy here

Download the 2021 GoDaddy Sustainability Report here

About This Report
Unless otherwise noted, GoDaddy’s 2021 Sustainability Report covers the company’s environmental, social and governance strategies, activities, progress, metrics and performance for the fiscal year that ended December 31, 2021. This report references the Global Reporting Initiative (GRI) Standards and the Sustainability Accounting Standards Board (SASB) Standards for the Internet Media and Services sector. GoDaddy is committed to regular, transparent communication of our sustainability progress, and to that end, we will share case studies, updates and articles on an ongoing basis through our website and other key resources. We intend to continue providing updates about our sustainability journey by publishing an annual sustainability report.