
GoDaddy 2023 Sustainability Report: Our Operations | Cybersecurity and Data Privacy

Accesswire ·  06/25 22:15

NORTHAMPTON, MA / ACCESSWIRE / June 25, 2024 / GoDaddy


Originally published in GoDaddy's 2023 Sustainability Report


Cybersecurity and Data Privacy


Cybersecurity and data privacy are a top priority for GoDaddy as an operator of large internet infrastructure. We take our commitment to cybersecurity and data privacy seriously. We maintain enterprise-wide cybersecurity and data privacy programs designed to manage the risks to GoDaddy's information systems, customer data, and personal information of our customers and employees from cyber threats, and to comply with our regulatory obligations.


Our approach to management of cybersecurity risk and data privacy obligations includes:


  • Board Oversight: Our Board oversees the company's cybersecurity risk management program through its Audit and Finance Committee. The Audit and Finance Committee receives regular reports from GoDaddy's Chief Information Security Officer (CISO) regarding the state of the company's cybersecurity program. These reports are shared, at least quarterly, with the Board of Directors. In addition, our Corporate Audit Services team audits our privacy practices, and the results of those audits are presented to senior leadership and discussed with the Audit and Finance Committee. Updates on privacy and cybersecurity matters are also included as part of the Audit and Finance Committee's review of the Company's enterprise risk management efforts.
  • Cybersecurity Risk Management: Our management is responsible for identifying, assessing, and managing the company's material cybersecurity risks on an ongoing basis; establishing processes designed to help ensure that potential cybersecurity risk exposures are monitored; putting in place appropriate mitigation and remediation measures; and maintaining the company's cybersecurity programs. GoDaddy's CISO has primary responsibility for the company's programs for identifying, assessing, and managing the company's cybersecurity risks. The CISO reports directly to the company's Chief Technology Officer and regularly provides reports and updates to the company's Chief Executive Officer on significant cybersecurity-related matters relevant to the company's cybersecurity risk.
  • Privacy Program Management: Our Privacy Officer manages our Data Privacy Office and global privacy program. Our Data Privacy Office is responsible for day-to-day operations of our privacy program, including but not limited to conducting privacy impact assessments, providing training to employees, responding to data subject requests, and responding to inquiries from data protection authorities. Other personnel and departments at GoDaddy also assist the Data Privacy Office, including but not limited to the company's Legal and Information Security teams.



We're committed to protecting customer information from cybersecurity threats. Our information security team uses a variety of controls to protect our systems and customer information from cybersecurity threats. Some of their efforts include:


  • Proactive Monitoring and Assessment: We use monitoring and detection tools designed to identify and mitigate threats before they impact GoDaddy or our customers. We also regularly scan our environment to identify potential vulnerabilities.
  • Security by Design: Our developers are encouraged to consider cybersecurity from the initial design phase of our products to completion. We also have designed and implemented risk-based processes and procedures to conduct security reviews on new or updated applications prior to launch.
  • Security Frameworks: Some parts of our business are required to align with specialized frameworks, such as the Payment Card Industry Data Security Standards (PCI-DSS) for handling payment card data. Where required by our customer or other agreements, we align our practices and controls with other recognized standards such as International Organization for Standardization (ISO) 27001.
  • Incident Response: We have a dedicated incident response team that works with our business units and other internal and external subject matter experts to respond to potential cybersecurity incidents. In 2023, we updated our policies and procedures for reporting cybersecurity threats internally to strengthen our overall response capabilities.

Employee Training and Education


GoDaddy employees receive annual data security and privacy training through our Do The Right Thing (DTRT) compliance training. We also send alerts to employees to keep them updated on the latest security threats and host regular workshops for specific teams on privacy topics.


Data Privacy


We take a proactive approach to managing our data privacy obligations. Some of our efforts include:


  • Establishing Core Data Privacy Practices: We empower our customers, employees, and individual data subjects to manage their privacy preferences and exercise their privacy rights when visiting our websites, using our services, communicating with us, or working with us. Our core privacy practices are set forth in our Global Privacy Notice and related privacy policies. We apply our core practices to all individuals with whom we interact.
  • Global Regulatory Compliance: While we maintain a global privacy program where we apply a core set of common principles to how we handle personal data, we are mindful of local requirements and restrictions in many of the jurisdictions where we do business and have developed jurisdiction-specific data privacy notices for the United States, the United Kingdom, and the European Union. From time to time, we have also adjusted our privacy practices to meet local requirements in other jurisdictions where we do business. We also follow jurisdiction-specific privacy practices relating to handling of personal data relating to our employees and job applicants.
  • International Data Transfers: In 2023, the U.S. and E.U. reached agreement on a new framework to allow lawful transfers of personal data from Europe to the United States (the "U.S.-E.U. Data Privacy Framework"). GoDaddy certified its compliance with this framework, as well as its compliance with the U.S. and U.K. extension to the U.S.-E.U. Data Privacy Framework. Where the Data Privacy Framework does not apply to transfers from the U.K. and E.U., we use other recognized transfer mechanisms, including standard contractual clauses.
  • Data Processing Agreements: In addition to our responsibilities for handling the personal data of our customers, employees, and other data subjects with whom we interact directly, we also handle personal data on behalf of our customers. In this capacity, we act as a data processor, and our customers retain primary responsibility for safely and lawfully processing personal data. Where required by our agreements or applicable laws, we enter into data processing addendums that regulate our rights and responsibilities for processing personal data on behalf of our customers.
  • Service Providers: Whether acting as a data controller or processor, we use service providers to process personal data when necessary or appropriate to provide our services or conduct our business. When we provide personal data to a service provider or other third-party acting on our behalf, those service providers and third parties are required to comply with our instructions and contractual restrictions in processing personal information on our behalf.
  • GDPR Independent Assessment: In 2023, TRUSTe independently assessed GoDaddy's compliance with the EU General Data Protection Regulation (GDPR) and validated that GoDaddy provided evidence and other support showing that it implemented program-level measures that are designed to meet TRUSTe's 40 GDPR Privacy Program Validation Requirements.
  • Privacy by Design: Our Data Privacy Office also consults with our business teams on day-to-day privacy issues, ranging from conducting privacy impact assessments (PIAs) on new business practices to participating in the earliest phases of new product designs to ensure that privacy concerns are addressed during product development. In 2023, we rolled out a new technical solution to streamline the PIA review and more closely integrate privacy reviews with engineering reviews.

Ambitions for 2024


We saw significant changes in the global privacy and cybersecurity landscape in 2023, as many jurisdictions rolled out new rules and regulations that may affect our business in the coming year. We also have seen rapid technological change as new AI and ML tools have been deployed that allow processing of personal information in new ways. In 2024, we aim to continue to adapt our privacy program and cybersecurity practices to meet evolving legal requirements and business needs in this rapidly changing environment.


To learn more, read our 2023 Sustainability Report.




About this Report


The GoDaddy 2023 Sustainability Report details our progress toward our corporate sustainability goals, strategies, and initiatives in support of our overarching corporate mission and values. Unless otherwise noted, this report reflects our corporate sustainability performance across our global operations covering the fiscal year period from January 1 to December 31, 2023. To demonstrate our commitment to transparent communication regarding our sustainability progress, we routinely share updates through our website and our annual Sustainability Report. We welcome your questions, comments, and feedback on this report by contacting ESG@GoDaddy.com.

This report references the Global Reporting Initiative (GRI) Standards and includes select Sustainability Accounting Standards Board (SASB) metrics for the Internet Media and Services sector. We also disclose our contributions and progress toward priority UN SDGs. For additional information on how we align with these frameworks and key indicators demonstrating our sustainability performance, please review the Frameworks and Metrics section.


View additional multimedia and more ESG storytelling from GoDaddy on


Contact Info:
Spokesperson: GoDaddy




