Skip to main content

Confidentiality, privacy and cybersecurity

Safeguarding confidential and personal information is core to the services Deloitte firms provide. Deloitte is committed to protecting confidential and personal information, including that of Deloitte clients and third parties, and to monitoring regulatory and legal requirements to support compliance.


2023 Global Impact Report

Building better futures

Confidentiality and privacy

The Deloitte Global Confidentiality and Privacy Office helps foster a culture across Deloitte that emphasizes the importance of protecting confidential and personal information. This office sets guidelines, develops procedures, provides consultation and training, and assesses the effectiveness of controls relating to confidentiality and privacy. The Deloitte Global Confidentiality and Privacy Office works with Deloitte Technology, including the Deloitte Global Cybersecurity organization, and the Deloitte Global Office of General Counsel, to understand, prepare for, and respond to known and reasonably anticipated risks and threats facing our environment.

Consistent with industry leading practices for protecting confidential and personal information, Deloitte has taken steps to remain secure, vigilant, and resilient, including:

  • Understanding the risk environment;
  • Implementing policies, procedures, and controls designed to protect confidential and personal information;
  • Responding to potential confidentiality and privacy incidents in a timely manner; and
  • Actively monitoring the effectiveness of confidentiality and privacy requirements across the Deloitte organization.

Deloitte is dedicated to complying with applicable privacy laws and regulations around the globe, including the European Union General Data Protection Regulation (GDPR). Deloitte regularly monitors for changes in privacy laws and regulations, and adjusts policies and procedures when appropriate. Additionally, Deloitte performs an annual review process to verify Deloitte Global’s and Deloitte member firms’ compliance with our confidentiality and privacy standards.


The Deloitte Global Cybersecurity organization works with the Deloitte Global Confidentiality and Privacy Office, as well as Deloitte confidentiality, privacy, and cybersecurity professionals throughout the Deloitte network, to execute a strategy designed to:

  • Create a cohesive, worldwide cyber program with consistent, high-quality security services;
  • Extend security tools worldwide for advanced protection of highly distributed data;
  • Implement and sustain technology safeguards to protect confidential and personal information;
  • Prepare and implement plans to promptly recover from and restore any systems that may be adversely impacted by a cyber incident; and
  • Reduce the risk of unauthorized exposure of confidential or personal information.


Graham McKay
Deloitte Global Confidentiality and Privacy leader and Data Protection Officer

Kevin Winter
Deloitte Global Chief Information Security Officer

Strong and effective governance helps enable Deloitte to deliver on our clients’ trust, operate our business ethically, balance the interests of our stakeholders, and serve the public interest.