WBA's Proactive Approach to Safeguarding Customer Data

Mar 12, 2024 12:00 PM ET
A person passed a prescription over the counter

As a global healthcare leader and retailer, personal information is provided to Walgreens Boots Alliance through purchasing and filling prescriptions, enrolling in promotional and loyalty programs, registering on our websites or otherwise communicating with us. We are committed to protecting patient and customer privacy and data with leading data protection standards. More information can be found in our 2023 Environmental, Social & Governance Report.

The Global Chief Privacy Officer oversees the privacy of WBA’s patient, consumer and employee data, with oversight from the Audit Committee. We conduct privacy impact assessments regularly. Our privacy program reporting is shared with the Audit Committee on a routine basis.

We are transparent with our customers about how we use their data. Statements are posted on our websites and include information about data usage and safeguards. We publish our policies about individual rights requests regarding the use and deletion of personal information for customers in applicable jurisdictions. We comply with EU and UK law on data protection and privacy. Our policy is to notify all data subjects of reportable data incidents in accordance with applicable laws. In the U.S., where approximately 80 percent of the WBA personal health data resides, the Health Insurance Portability and Accountability Act (HIPAA) privacy rule compliance program incorporates administrative, technical and physical safeguards. Under our HIPAA policy, we receive written authorization from the data subject where required, and collection and processing are limited to the stated purpose. We also have a program to receive, investigate and respond to privacy complaints.

Annual privacy training is mandatory for applicable team members, including pharmacy, retail and support office. Applicable U.S. contractors are legally obligated to receive privacy training.

We also have policies and procedures in place that govern data transfers to third parties, including appropriate methods and controls, such as standard contractual clauses.

For more information on WBA’s patient and customer privacy standards please see the latest ESG Report.