Pearson Privacy Principles
We have seven core Privacy Principles that guide our work. Our Privacy Principles are grounded in responsibility, guided by global standards, and powered by trust.
1. Lawfulness, Fairness and Transparency
We process personal data legally and openly, ensuring individuals understand how their data is used
We identify a legal basis for data processing, avoid unlawful activities, consider the impact on individuals, handle data as individuals would expect, and communicate openly about data processing. Pearson must have a legal reason for processing personal data and clearly communicate this to users. We explain how users' data is processed, including how it is collected, used, stored, and shared
2. Purpose Limitation
We collect data for clear, legitimate reasons and only use it in ways that align with those purposes.
Personal data should only be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. The use of personal data for purposes like public, scientific, historical, or statistical purposes shall not be considered to be incompatible with the initial purposes.
3. Data Minimization
We only collect the data we truly need—nothing more, nothing less.
Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purpose(s) for which they are processed.
Personal data should be sufficient to achieve the intended purpose, have a rational relationship to that purpose, and not be more than what we need for that purpose.
4. Accuracy
We take steps to ensure data is correct, complete, and up to date
Personal data must be accurate, complete, and where necessary, kept up to date by us throughout its lifecycle. At Pearson, we take all reasonable steps to ensure the personal data we hold is accurate and not misleading. We keep personal data updated as needed and correct or delete any incorrect or misleading data as soon as possible.
5. Storage Limitation
We retain data only as long as necessary, in line with our retention policies.
Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purpose(s) for which they are processed.
Personal data should be sufficient to achieve the intended purpose, have a rational relationship to that purpose, and not be more than what we need for that purpose.
6. Security, Integrity and Confidentiality
We protect data with strong technical and organisational safeguards.
Personal data must be kept securely and processed in a manner that ensures appropriate security. We regularly review and update security policies, procedures, and controls to ensure they remain effective and up-to-date. We conduct regular security awareness training for employees to educate them on their responsibilities and the importance of safeguarding personal data.
7. Accountability
We take responsibility for our data practices and document our compliance.
Pearson is required to be accountable and to take responsibility for what we do with personal data and how we comply with the other principles and data protection legislation. We are responsible for and should be able to demonstrate compliance. We have appropriate measures and records in place to demonstrate that we are complying. We implement effective data privacy policies, procedures, and controls, as well as conduct regular assessments and audits to ensure ongoing compliance.
