Employee with headset working at desk with multiple computer monitors
Governance

Data Privacy and Information Security

We recognize that data protection and privacy practices are key elements of our customers’ experience and contribute to the safety and efficiency of our operations.

The Audit Committee of our Board is responsible for reviewing cybersecurity risks and overseeing the security and operations of our information technology systems. Our IT Risk Team monitors and regularly reports on cyber risk so that senior leadership can make informed business decisions. Security awareness activities go beyond annual training and include engagement and reinforcement activities to help our employees understand that their role in protecting our company is just as important as the technologies we have in place.

We seek to collect and process only necessary personal data from our customers. Our systems are built following a “privacy by design” approach, and we undertake privacy risk and impact assessments for any new or modified data processes. To support employee engagement on, and compliance with, our privacy approach, we have almost 40 Privacy Champions serving throughout our organization who act as liaisons between the business units and our Data Privacy team.

Delta has established physical, electronic, and managerial safeguards to protect the information in our care. These measures are reviewed to protect against unauthorized access, disclosure, and improper use of customer information and to maintain the accuracy and integrity of that data. All U.S. air carriers are subject to laws regarding the privacy and security of customer and employee data that vary between the countries in which we operate. We continue to update our processes to adhere to applicable domestic and international data protection laws and regulations.

For additional information about our risk management, strategy and governance of cybersecurity, please see our Annual Report on Form 10-Kopens in a new window for the fiscal year ended 2023年12月31日, as filed with the Securities and Exchange Commission.