American Express is a diversified worldwide travel, financial and network services provider founded in 1850. The company is a leader in charge and credit cards, stored value products, travel services, financial planning, investment products, insurance and international banking. In each of these businesses, we have relationships with customers -- individuals to whom we provide personal financial products and services. As a part of these customer relationships, we collect information necessary to enroll customers in products and services, to provide the services they have selected, to administer their accounts, and to offer them related or additional American Express products and services.

Because we strongly advocate the protection of customer information, we believe that the adoption and implementation of the following American Express Customer Privacy Principles makes good business sense and will serve the interests of our customers in effective privacy protection.

Our Customer Privacy Principles were first published in 1991, and they were modified in 1997. We are republishing these principles now to reiterate our commitment and simplify the language.

These Customer Privacy Principles guide our conduct in the collection, use, release, and security of customer information. They outline the responsibilities we assume as employees and our expectations of business partners.

In working with our partners and vendors to identify customers and prospective customers for marketing purposes, we require strict contractual obligations regarding information use and security, including our right to audit those partners and vendors to ensure that they are adhering to our privacy requirements.

These principles define our commitment to protect the privacy of our customers. Each American Express business unit may also maintain its own policies and practices, which are fully consistent with these principles. In those jurisdictions that call for additional information practices, our policies and practices will meet the requirements of applicable law.

CUSTOMER PRIVACY PRINCIPLES 2002

1. WE COLLECT ONLY CUSTOMER INFORMATION THAT IS NEEDED, AND WE TELL CUSTOMERS HOW WE USE IT.

We limit the collection of information about our customers to what we need to know to administer their accounts, to provide customer services, to offer new products and services, and to satisfy any legal and regulatory requirements. We also tell our customers about the general uses of information we collect about them, and we will provide additional explanation if customers request it.

2. WE GIVE CUSTOMERS CHOICES ABOUT HOW THEIR INFORMATION WILL BE USED.

Our businesses give customers "opt out" choices about how information about the customer's relationship with that business unit may be used to generate marketing offers. These marketing choices include product and service offers from American Express businesses and those made by our business partners. Of course, each of our businesses will continue to send its customers information relating to products or services they receive from that business.

3. WE ENSURE INFORMATION QUALITY.

We use advanced technology, documented procedures and internal monitoring practices to help ensure that customer information is processed promptly, accurately and completely. We will respond in a timely manner to customers' requests to correct inaccurate account or transaction information. We also require high standards of quality from the consumer reporting agencies and others that provide us with information about prospective customers.

4. WE USE PRUDENT INFORMATION SECURITY SAFEGUARDS.

We limit access to customer information systems to those who specifically need it to conduct their business responsibilities, and to meet our customer servicing commitments. We employ safeguards designed to protect the confidentiality and security of our customer information.

5. WE LIMIT THE DISCLOSURE OF CUSTOMER INFORMATION.

We do not disclose customer information unless we have previously informed or been authorized by the customer, or we do so in connection with our efforts to reduce fraud or criminal activity and to comply with regulatory requirements and guidelines. When a court order or subpoena requires us to release information, we typically notify the customer to give the customer an opportunity to exercise his or her legal rights. Further, we will not disclose or use health information for marketing purposes or use it as a basis to make credit decisions.

6. WE ARE RESPONSIVE TO CUSTOMERS' REQUESTS FOR EXPLANATIONS.

If we deny an application for our services or end a customer's relationship with us, to the extent permitted by applicable law, we will provide an explanation, if requested. We state the reasons for the action taken and the information upon which the decision was based, unless the issue involves potential criminal activity.

7. WE HOLD OURSELVES RESPONSIBLE FOR OUR PRIVACY PRINCIPLES.

Each American Express employee is responsible for maintaining consumer confidence in the company. We provide training and communications programs designed to educate employees about the meaning and requirements of these Customer Privacy Principles. Employees who violate these principles are subject to disciplinary action, up to and including dismissal. Employees are expected to report violations, and may do so confidentially, to their manager, to their business unit's compliance officer, or to the company's Office of the Ombudsperson.

We also conduct internal assessments of our privacy practices and periodically commission outside expert reviews of our compliance with the Privacy Principles and the specific policies and practices that support these principles.

8. WE EXTEND THESE PRIVACY PRINCIPLES TO OUR BUSINESS RELATIONSHIPS.

We require companies we select as our business partners to agree to keep our customer information confidential and secure, to protect the information against unauthorized access, use, or redisclosure by the recipient company, and limit its use to the purposes for which it was provided to them.

We also encourage our business partners to respect their customers' information by adopting strong and effective privacy policies and practices, including offering "opt out" choices for marketing offers to their customers.

top of page