Significance
Importance To Berry Global and our Stakeholders
Data security is important for protecting intellectual property and private data, as well as complying with privacy regulations. By developing a robust approach to data security, we reduce security risks and help ensure business and stakeholder information is handled securely. Data security also helps safeguard our research and development efforts to ensure our innovations remain confidential.
Our Customers: Customers expect us to keep their data private, secure, and protected from breaches.
Our Investors: A robust approach to data security is critical to mitigating risk and maximizing long-term shareholder value. By taking effective data security measures, we reduce the likelihood of costly data breaches or regulatory fines and safeguard our company's financial stability and reputation.
Our Approach
Data security is fundamental to protecting intellectual property, maintaining privacy, and meeting regulatory requirements. Berry’s comprehensive approach safeguards business and stakeholder information while protecting our R&D innovations and confidential work. We recognize our dual obligation: to customers who trust us with their private information and to investors who understand that robust data security is essential for long-term value creation. At Berry, most of our contracts with customers relate to their purchase of innovative packaging solutions, and our business model does not typically involve the collection, storage, use, disclosure, retention, transfer, handling, analysis, or any other processing of personal information from outside third parties. Our employees handle sensitive data from multiple sources—suppliers, team members, and customers. To meet this responsibility, we collect only necessary information; store data using secure methods; share information strictly on a need-to-know basis and in compliance with legal requirements; and follow clear retention policies for proper disposal when data no longer serves business or legal purposes. This strategy—supported by a diverse set of tools and practices—ensures both the security and accessibility of our resources while maintaining the highest standards of data protection.
Key Metrics
The below metrics are based on Berry's fiscal years unless otherwise noted.
Data Security and Transparency (2024)
Compliance Training (Full Time Employees) | Courses Completed
Cybersecurity Awareness Training | 12,509
Key Strategies
Cybersecurity
Global cybersecurity threats and targeted attacks are an evolving risk to our data, infrastructure, and overall operations. Through our Cybersecurity Program, we have implemented a wide array of tools and practices designed to maintain the security and availability of our resources. To further mitigate our cybersecurity risk, we have information security risk insurance in place across our business.
Technology
Industry-leading solutions to protect our systems with 24/7/365 monitoring by experienced security professionals.
Cybersecurity Assessment
Targeted security assessments and penetration tests conducted throughout the year by internal and external entities.
Continuous vulnerability scanning of our digital environments with industry-leading vulnerability management solutions
Training and Awareness
Regular meetings with information technology and security employees from around the world to discuss emerging threats and concerns
Annual and periodic security awareness training for employees
Supplemental training and testing for key employees in high-risk job functions
Incident Management
Defined Global Incident Response Plan designed to enable compliance with reporting standards and provide robust response to global cybersecurity events
Incidents are reviewed by the Global IT Leadership Team and appropriate members of Senior Management
We undergo an annual third-party cybersecurity audit and penetration tests. These are performed in alignment with information security standards, but we have not yet pursued certification to these standards. We also conduct an annual Sarbanes-Oxley (SOX) audit of financial controls, including access to accounts and data. Our business continuity and contingency plans for our primary ERP and related critical apps are tested bi-annually to ensure our procedures remain robust. In addition, our other ERPs maintain backups that are tested annually.
Data Privacy and Protection
Berry Global recognizes and respects the importance of data privacy and protection. In the European Union, an individual’s data privacy is an established fundamental human right. Frameworks such as the EU’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), Brazil’s General Personal Data Protection Law (LGPD), and many others have shaped how we interact with an individual’s data across our businesses and operating locations. It is important that we not only meet these existing requirements, but also anticipate and prepare for new regional laws and the continuous evolution of current legislation.
We also firmly believe in the principles that apply to handling data with the care it deserves, whether for our team members, customers, suppliers or other potential partners. We are committed to collecting only necessary data, storing the information with care, sharing it only where legally permitted and on a need-to-know basis, and disposing of records in accordance with our internal records retention policy. This commitment demonstrates to our team members and business partners that we can be trusted with the information they provide to us. We set clear standards regarding our approach to data privacy in our Privacy Policies and provide additional guidance in our Global Code of Business Ethics. To further strengthen our approach, we are committed to continually developing and/or improving our data privacy processes and practices. This includes ongoing training for our employees and regular technology reviews.
Lastly, if any stakeholder believes their data is not handled appropriately, they can report their concern to our Ethics Helpline, which is supported by our Non-Retaliation Policy. This policy also covers external stakeholders, such as customers and suppliers.
Disclosures
Contribution to the Sustainable Development Goals (SDGs)
SDG 8: Decent Work and Economic Growth
By protecting employee and customer data, we build trust and stability in our operations, contributing to a positive work environment and reinforcing efficient business practices.
SDG 9: Industry, Innovation, and Infrastructure
Implementing robust data security measures and technologies helps us deliver resilient and sustainable infrastructure within our operations, which is crucial for responsible economic growth and development.
SDG 16: Peace, Justice, and Strong Institutions
Through data security and privacy measures, we handle personal and sensitive information ethically and legally, reducing the potential for conflicts and disputes related to data breaches.
GRI and SASB Alignment
GRI 418(3-3) Customer Privacy
GRI 418-1 Substantiated Complaints Concerning Breaches of Customer Privacy and Losses of Customer Data
Last updated: March 17, 2025