Organization: American Express Company

Year: 2015

Whereas: Whereas: Customer trust is critical for American Express, which routinely gathers massive amounts of personal financial data concerning and affecting the lives of millions of people; breaches of privacy and data security are a growing threat which can result from company negligence, external attacks, and government surveillance. The Wall Street Journal reported that the U.S. National Security Agency (NSA) has obtained customer data from credit card issuers. Businessweek reported that an NSA program, 'Follow the Money,' tracks records of international payments and credit-card transactions and their database contained 180 million records in 2011- 84 percent were credit-card transactions. TIME reported that credit card networks 'are most likely giving the government 'metadata.' That is, the credit card issuers could provide the NSA details such as an account or card number, where or when a purchase was made, and for how much,' Controversy over U.S. government surveillance has spurred massive global press coverage, hearings in the U.S. and Europe, and widespread calls for reform. Responding to growing public concern, Internet companies including Google, Apple, Microsoft, LinkedIn, Twitter, and Facebook and telecommunications companies Verizon and AT&T now regularly publish 'Transparency Reports,' detailing government requests for confidential customer data. While privacy is critical to the success of AXP's business, AXP has not disclosed information regarding the extent and nature of requests for customer data made by government agencies. Unauthorized collection, disclosure, or misuse of personal information can cause great harm to individuals and society-including discrimination, identity theft, financial loss, loss of business or employment opportunities, humiliation, reputational damage, questionable government surveillance, or physical harm. We believe AXP's Board has a fiduciary and social duty to protect company assets, including the personal information of customers. Risks include privacy breaches, consumer profiling controversies, litigation, and a loss in brand value. Privacy is fundamental to democracy and free expression. While AXP must comply with legal obligations, failure to persuade customers of a genuine long-term commitment to privacy could present AXP with serious financial, legal and reputational risks. Resolved, shareholders request that the Company publish an annual report explaining how the Board is overseeing privacy and data security risks, providing metrics and discussion, subject to existing laws and regulation, regarding requests for customer information by U.S. and foreign governments, at reasonable cost and omitting proprietary information.

Resolved: Resolved: shareholders request that the Company publish an annual report explaining how the Board is overseeing privacy and data security risks, providing metrics and discussion, subject to existing laws and regulation, regarding requests for customer information by U.S. and foreign governments, at reasonable cost and omitting proprietary information.

Supporting Statement:Supporting Statement: In preparing these reports, the Company may omit information on routine requests under individualized warrants. The reports should consider existing Transparency (or Law Enforcement Request) Reports published by major internet companies, and where applicable, include (1) how often AXP has shared information with U.S. or foreign government entities; (2) type of customer information shared; (3) number of customers affected; (4) type of government requests; and (5) discussion of Company efforts to protect customer privacy and data.