Responsibility at IBM

2012 Corporate Responsibility Report

Section Downloads

Download report sections


In this section, Chairman, President and Chief Executive Officer Ginni Rometty’s letter describes how IBM’s goal to unite its business and citizenship strategies is taking shape. We take a thoughtful, comprehensive approach to corporate responsibility and corporate citizenship at IBM, and we integrate that approach into many aspects of our company. In this section you will also find a high-level overview of some of our major activities.


It’s not enough to develop world-class technology, services and expertise—at IBM we realize we must directly apply these things to the communities in which we live and work in order to have a positive impact. In this section, you will find examples of the ways we practiced this approach over the course of 2012 and into 2013.

The IBMer

A great company is forever evolving and growing. At IBM, we make it a top priority to hire, support and retain the people who make us a great company. In this section, you will find examples of the ways we support both the personal and professional development of our employees.


IBM’s unwavering commitment to environmental protection is evidenced across all of our business activities, from our research, development, products and services to the solutions we provide our clients that help them be more protective of the environment. In this section of IBM’s Corporate Responsibility Report, you will find information on our environmental programs, performance and solutions during 2012.

Supply Chain

Social and environmental responsibility is an important part of our business relationships with our suppliers. We work closely with them to encourage sustained improvement throughout our global supply chain and across various aspects of corporate responsibility. In this section you will find examples of how we set requirements for the companies we do business with, grow the global diversity of our supply base and collaborate with industry groups and stakeholders.


IBM’s culture of ethics and integrity is guided by a rigorous system of corporate governance. In this section, you will find examples of the many ways we govern the conduct of the company, manage risk and contribute our expertise to public discourse.

Awards & Metrics

Many of our corporate responsibility efforts received recognition from others in 2012. The most significant of these are listed in “Awards and Recognition.” We rely on a number of metrics to measure our corporate responsibility efforts. Our Key Performance Indicators and other significant metrics can be found in “Performance Summary.”

Privacy and Security

Today’s digital society is built on the fast flow and analysis of information. The strides we make in gathering, routing and analyzing torrents of data hold the promise of an ever-brighter future, a vision we at IBM refer to as Smarter Planet.

But behind these data are real people, real organizations and real concerns about privacy and security. At IBM, we take these concerns very seriously.


IBM believes that consideration for privacy and data protection must be built into the fabric of our business, and our society, in order for individuals and organizations to realize the promises of social progress and economic growth offered by our increasingly interconnected and data-driven world.

The economic value of information continues to increase, and much of that information relates to us as individuals. This information, and how we use it, is at the heart of new business models, new jobs and new ways in which individuals and businesses organize and connect with one another around the globe.

Institutions of all types—including businesses—must work to earn the public’s trust in their ability to steward information, and in turn we as consumers must take educated steps to protect ourselves and our families.

IBM has long been a pioneer in privacy policy and practice:

  • Early 1970s – first company in the world to adopt a global privacy code of conduct
  • 2000 – one of the first companies of any size to appoint a chief privacy officer
  • 2005 – first company to adopt a global genetic nondiscrimination and privacy policy
  • 2012 – recognized as one of the top 10 companies “Most Trusted for Privacy” by US consumers for the seventh consecutive year

In 2012, IBM launched a number of new initiatives around privacy, and expanded others already underway. Some of these programs are designed to help organizations in need of expertise in these areas, some share what works at IBM with the rest of the world, and others strive to promote consideration of privacy and security in the realm of public policy.

Promoting transparency

IBM has been urging better communication regarding privacy for years. As far back as 1999 we decided to withhold advertising dollars from North American websites that did not post their privacy policies. But industry can do more than post a privacy policy. That’s why IBM and other companies worked with the Future of Privacy Forum in 2012 on a consumer trust seal, authenticated by a third party, to give consumers confidence in smart grids. The program helps companies certify their data collection and usage practices against an agreed-upon standard for privacy.

Pro Bono Privacy Initiative

According to Independent Sector, a coalition of nonprofits, foundations and corporate giving programs, there are 1.4 million nonprofits in the United States serving the broad public interest by providing services such as homeless shelters, domestic violence assistance and nutrition support. Given the staggering growth of digital data, these nonprofits are increasingly likely to encounter privacy and personal data security-related issues that they must understand, analyze and address.

In 2012, IBM continued its involvement in an initiative we began in 2011 dedicated to providing nonprofit organizations free legal and other advice on responsible and pragmatic practices for protecting individual privacy and data security. Called the Pro Bono Privacy Initiative, this group of privacy professionals aims to engage with human services agencies to help them navigate mission-critical privacy and data protection considerations. Stemming from the initiative’s pilot, IBM continued to share its data security and privacy expertise with Safe Horizon, the largest victims’ assistance agency in the United States.

The Pro Bono Privacy Initiative is designed to help:

  • Interested nonprofits improve their compliance and risk posture
  • Participating privacy professionals give back to society while enriching their experience and networks
  • Supporting companies, law firms and consultancies demonstrate corporate citizenship

Privacy by Design

In 2012, IBM continued its extensive work to build a globally recognized enterprise privacy program that follows Privacy by Design practices. As big data continues to make headlines, we have built privacy-protective features into our new sensemaking analytics technology, code-named G2, and also published a related paper, coauthored by IBM Fellow and Chief Scientist of IBM Entity Analytics Jeff Jonas and Ann Cavoukian, Ph.D., information and privacy commissioner of Ontario, Canada.


Throughout 2012, we continued to develop IBMPrivacy, a site that offers resources and discussion about privacy and data protection for large enterprises, small businesses and nonprofit organizations. With this site IBM hopes to help demystify the privacy and data security issues that all organizations must address in today’s digital world. By proactively developing privacy plans based on current and practical knowledge, organizations can be better positioned to achieve their overall missions in a way that maintains their good reputation and also enhances compliance.

Social, Smart, Secure. IBM offers tips for staying safe online


Security is a critical aspect of the entire lifecycle of any system, from design and architecture through to implementation, testing, deployment, maintenance and retirement. Today, organizations and individuals are confronting heightened risks as cybersecurity threats continue to grow and evolve with great speed.

At IBM, we carefully consider cybersecurity challenges when conceiving, developing and marketing our technology solutions. We also recognize it is important to collaborate with public and private organizations that build market awareness of these issues and implement policy governing them. We understand the benefit of providing education as well as technology.

In support of that understanding, IBM takes part in the annual Safer Internet Day event. In 2012 the event’s theme was "Connecting generations and educating each other." IBM released free Internet safety training tools for students and deployed thousands of volunteers around the world to help educate consumers and businesses on Internet safety and digital awareness. The kits are designed to help teach teenagers how to protect their personal data and reputation online, to give teachers or adults working with children information on Internet safety and common Internet activities that young people engage in, and to help adults recognize and prevent cyberbullying among youth.

Secure, smart and social computing programs

IBM recognizes the value that social computing can bring to a company, both for internal employee interaction and for building stronger relationships with customers, providers and partners. But the use of social media can also introduce risk. We realize that if not managed correctly, individuals’ engagement with social and other computing technologies can work against an organization’s relationship-building efforts and pose significant security threats.

In 2012 we continued our internal Social Business Management Council, a cross-company group of senior leaders charged with aligning the company’s social business strategies with risk mitigation priorities, to address social media and risk issues as they arise and sponsor enterprise-wide policy enhancements in this area. We again reviewed and updated the IBM Social Computing Guidelines to stay current and address labor and other requirements. And we deployed mandatory employee security education and continued to enhance the “Digital IBMer Hub,” an interactive set of resources available for employees to learn social computing skills and reinforce secure social computing. We continued to refine our social recruiting guidelines that outline how social media can and should be used by employees during the recruiting process, and we created an employee guide for managing digital reputations that stresses the importance of individuals taking responsibility for their own online personas.

Recognizing the risk environment in which all organizations now operate, we continue to review and improve our process for reporting suspicious incidents involving data or IT systems, and we continue to devote resources to support expert response efforts.