The Blackstone Group Inc.:
Principles for the Acquisition and Use of Data
Understanding and better utilizing data is important for Blackstone and our portfolio companies. We use data to help our portfolio companies improve their operating performance, to maximize internal efficiencies and to inform our investment decisions. Blackstone has implemented a best-in-class, robust legal and compliance framework to ensure that we are obtaining and handling data appropriately and in a compliant manner. As such, we adhere to the following Principles:
- Ethics and Transparency: Datasets are acquired and processed lawfully, ethically and for specific purposes, which are communicated upfront. Blackstone is transparent with investors, portfolio companies and others about how it uses data.
- Diligent, Lawful Data Acquisition: Blackstone has a rigorous screening process for all data sources and suppliers. We hold our data suppliers to the same legal and compliance standards to which we hold ourselves. Blackstone conducts due diligence on datasets prior to acquisition and onboarding and obtains appropriate contractual assurances from data sources about the lawfulness and integrity of their data.
- Focus on Thematic Data, not Consumers: We are interested in trends and high-level themes, not data on individual consumers. We use anonymized or aggregated data to help inform our investment decisions and improve our portfolio companies’ performance. We adhere to best-in-class privacy safeguards and take steps to ensure that datasets we receive that do originate from consumer or individuals’ data are properly de-identified, anonymized and/or aggregated before they come to us.
- Limited and Proper Sharing and Sale of Data: When Blackstone shares or commercializes data with legally screened external parties, any such data is fully aggregated and/or anonymized, does not contain personal data, and is governed by Blackstone’s privacy and compliance protections.
- Limited Retention: Blackstone deletes datasets when it no longer needs them or when required to by law. Access to data is permissioned internally on a need-to-know basis to further safeguard privacy.
- Strong Cybersecurity: Blackstone has implemented comprehensive cybersecurity controls and safeguards using robust administrative, physical, and technical measures to protect its data from unauthorized access, use, modification, destruction, and disclosure. These controls and safeguards are regularly tested and reinforced.
- Enforcement and Accountability: Blackstone holds its personnel, service providers and suppliers accountable for complying with these Principles. We provide regular training to all personnel who process or manage datasets.
- Portfolio Company Support: Blackstone supports its portfolio companies in developing or enhancing their data capabilities, or by leveraging data science expertise to provide portfolio company management with services and solutions. Blackstone also supports portfolio companies’ efforts to enhance overall data stewardship practices, including in the implementation of data privacy and cybersecurity programs.