GoDaddy's 2022 Sustainability Report: Our Operations - Data Security and Privacy

Jun 14, 2023 10:00 AM ET
Woman seated at a desk with a laptop.

Originally published in GoDaddy’s 2022 Sustainability Report

Data Security and Privacy

We make it safer for entrepreneurs to follow their dreams online.

We take data protection, security and privacy extremely seriously. Our customers trust us with their dreams, and we work to maintain that trust every day. The current cybersecurity landscape is challenging, and we’re proud of our proactive efforts to deliver exceptional privacy and security. We are committed to transparency, protecting user data and keeping up with an evolving regulatory landscape.

At GoDaddy, we take a cross-functional, risk- based approach to both user privacy and web security. There are several key roles involved in this approach:

  • The Audit and Finance Committee has primary oversight responsibilities of cybersecurity risks and data privacy and security matters. The Audit and Finance Committee provides quarterly updates to the Board of Directors on matters presented to the Audit and Finance Committee by the Chief Information Security Officer 
     
  • The Chief Information Security Officer (CISO) oversees GoDaddy’s Information Security organization. The Information Security organization handles tasks such as security risk and assessment responsibilities, threat intelligence, incident response functions and product, enterprise and customer security. The CISO meets with the Audit and Finance Committee quarterly and provides updates to our entire Board at least annually. These updates include reviewing cybersecurity programs and risks, as well as discussing priorities, mitigation strategies, staffing and resources 
     
  • Our Data Protection Office, which is run by our Privacy Officer, manages GoDaddy’s Global Privacy program. To ensure the Global Privacy program maintains a focus on privacy at the highest levels, it is verified each year through an independent assessment and is reviewed by the Audit and Finance Committee as part of the Company’s Enterprise Risk Management program 
     
  • GoDaddy’s Trust Center Site houses all data protection, security and privacy resources in one easy location for our customers, offering them the resources necessary to help ensure that their information — and their customers’ information — is safe and compliant

Data Security

With the cyberthreat landscape growing and constantly evolving, we remain vigilant on securing data, avoiding breaches and addressing threats. These efforts span several areas:

  • Proactive Monitoring: We continuously check for vulnerabilities. To proactively prepare for new and emerging cybersecurity attack vectors, we research and monitor industry threats that could impact GoDaddy and our customers 
     
  • Training and Internal Communications: All GoDaddy employees receive annual customer privacy and security training to preserve our high standards. We also send regular and timely alerts to employees to keep them updated on the latest security and privacy initiatives and activities at GoDaddy, as well as industry best practices 
     
  • Intentional Development: Teams within GoDaddy’s information security organization collaborate to ensure security considerations are built into new products and services 
     
  • Security Frameworks: We align with best practices by adhering to leading security frameworks, such as the National Institute of Standards and Technology (NIST) cybersecurity framework, Payment Card Industry Data Security Standards (PCI DSS), WebTrust, International Organization for Standardization (ISO) 27001 and System and Organization Controls (SOC) 2

Data Privacy

Trust and integrity form cornerstones of our customer relationships. To that end, we provide core privacy features to all our customers, and we do not sell customer information to third parties — ever.

Our Privacy Policy details our approach to protecting the personal data we collect, use, store and share. We care about the privacy of our customers and employees from around the world, which is why we apply a globally consistent approach to privacy and adhere to stringent privacy requirements, regardless of the location of our customers and employees. We remain committed to staying on top of evolving international regulations.

  • DATA PRIVACY CERTIFICATION 
    In 2022, we refreshed our annual, independent TRUSTe LLC General Data Protection Regulation (GDPR) privacy program management validation for GoDaddy.

Privacy is an important component of all our products and services. We use the proactive Privacy by Design approach to ensure that privacy principles are considered during process design and throughout our entire engineering lifecycle. We assess opportunities to enhance data protection and to provide employees with supplemental education.

About This Report 
Unless otherwise noted, the GoDaddy 2022 Sustainability Report outlines our environmental, social and governance (ESG) strategies, activities, progress, metrics and performance for the fiscal year that ended on December 31, 2022. This report references the Global Reporting Initiative (GRI) Standards and includes select Sustainability Accounting Standards Board (SASB) Standards metrics for the Internet Media and Services sector.

GoDaddy is committed to regular, transparent communication about our sustainability progress, and to that end, we will share updates on an ongoing basis through our website and will continue to publish an annual Sustainability Report.

To learn more, please read our 2022 Sustainability Report.