Power Corporation website

Power Corporation in the Community

Power Corporation History
Logo CSR Logo CSR
Menu
Our commitment to sustainability
A message from our CEO
Sustainability policies
Sustainability priorities
2024-2025 highlights and objectives
Stakeholder engagement
Sustainable Development Goals
Reporting
Rankings and ratings

Data privacy and security

We are committed to maintaining the confidentiality and security of all personal information we may collect, use and disclose in compliance with applicable laws and regulations. Data privacy and security are of utmost importance to the Corporation and we have strict policies in place to ensure the personal information entrusted to us is protected.

Commitment

We have formalized our commitment to protecting the information we collect and generate in the policies that govern the way in which we conduct our business. In these policies, we have established specific guidelines relating to the collection, use and disclosure of personal information. We also have policies and procedures relating to the protection of confidential information from theft, loss, unauthorized disclosure, access or destruction or other misuse. 

It should  be noted that as a holding company, the Corporation has no clients of its own and does not collect, nor use, any client information. While as part of our active ownership approach we engage with our group companies to understand how they manage data privacy and security, our group companies are responsible for implementing their own data privacy and security policies and procedures to protect the privacy of their clients’ information. We refer you to our group companies’ respective public disclosure for more information on their respective policies and procedures in that regard. 

The Corporation's Code of Business Conduct and Ethics and Third Party Code of Conduct outline our broad expectations regarding the treatment of personal information for both the Corporation's personnel and third parties we work with. These expectations are further detailed in our formal policies that cover personal information collected from the public, employee personal information, cybersecurity and record retention. 

The Corporation's Privacy Policy establishes guidelines for the collection, use and disclosure of personal information from the public, including from those using our websites and third-party social media sites, or subscribing to our e-mail notification service. 

We also have a separate Employee Privacy Policy that establishes the guidelines for the collection, use and disclosure by Power Corporation of personal information regarding our employees for the purposes of establishing, maintaining and concluding the employment relationship. 

Our Security of Technology and Intellectual Property Policy (the “Cybersecurity Policy”) sets forth the Corporation’s expectations for all employees, consultants and contractors with respect to the proper use of the Corporation’s technology and intellectual property and the protection of cybersecurity.

Our Artificial Intelligence Use Policy, adopted in 2025, governs how generative artificial intelligence tools can be used in the context of the work performed by directors, officers and employees for the Corporation. The policy sets out the responsibilities of any directors, officers and employees regarding regulatory compliance, human oversight, ethical considerations, security and confidentiality, transparency and disclosure, and protection of intellectual property rights when using artificial intelligence tools. 

Finally, our Record Retention Policy ensures that our records, including personal information, are retained, processed, and destroyed appropriately and in accordance with applicable laws.

Implementation

In accordance with applicable privacy laws, we collect personal information that is necessary to our business where we have consent to do so or as permitted or required by law. Each officer and employee is provided with a copy of our various policies and procedures. 

Through our annual corporate policies training sessions, we educate our employees on the application of our policies and procedures, including those related to data privacy, security and cybersecurity. The training process is facilitated by a web-based platform, through which the mandatory training module covering Power Corporation’s Code of Business Conduct and Ethics and key corporate policies is being conducted. At the end of the module, as part of our annual certification requirement, employees are required to certify their compliance with our Code of Business Conduct and key corporate policies.

We have implemented a cybersecurity awareness training program, which includes the delivery of mandatory and on-demand training to all employees. In addition, from time to time, our personnel receive training on more specific issues, as new risks are identified or new systems are implemented. Our employees also receive training on the use, risks and limits of artificial intelligence systems in accordance with the Corporation’s Artificial Intelligence Use Policy.

We have established a comprehensive information and cybersecurity program, benchmarked our capabilities to sound industry practices, and we have implemented threat and vulnerability assessments and response capabilities, including an information technology security incident response protocol, which is administered and implemented by both the Vice-President and Controller and the Information Technology Director. Through external specialist firms, we periodically assess the robustness of our cybersecurity. Our information technology defenses are continuously monitored and adapted to both prevent and detect cyber-attacks, and then recover and remediate. 

Responsibility

Proper use and protection of information is the responsibility of our entire organization and relies on the diligence of each member of our personnel. The Privacy Officer  is responsible for providing oversight of data privacy programs, and the Vice-President and General Counsel is responsible for the oversight of training and compliance regarding our policies and procedures. The Vice-President and Controller is responsible for administering the Corporation’s Cybersecurity Policy and Artificial Intelligence Use Policy. All three report to the Audit Committee of the Board of Directors as needed.

Reporting mechanisms 

To report any concerns, inquiries or complaints regarding our privacy policies, our employees and the public should contact the Corporation's Privacy Officer. 

Monitoring and review

We continuously monitor and enhance our information technology defenses and procedures to prevent, detect, respond to and manage cybersecurity threats, which we recognize are constantly evolving. We also receive and review threat intelligence and critical security threats facing the global financial services sector in order to proactively respond to emerging threats.

We conduct periodic audits of our information security systems to ensure proper implementation of our policies as well as compliance with evolving regulations, including the European General Data Protection Regulation (GDPR). We make necessary improvements to adapt to regulations. 

Responsible Management

Scroll To Top
X