www.principal.com Open in urlscan Pro
2620:12a:8001::2  Public Scan

URL: https://www.principal.com/security-policies
Submission: On January 03 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Skip to main content
 * For Individuals
 * Invest & retire
    * Ways to Save
      * Roth & traditional IRAs
      * Rollover IRA
      * Annuities
      * Retirement plans
    * My Retirement Plan
      * Enroll in your 401(k)
      * Rollover an account
      * Find a form
    * Get Help
      * Help for individuals
      * Find a financial professional
   
   Your financial future starts here
   
   Discover your path to investing and retirement

 * Insure
    * Ways to Insure
      * Disability income insurance
      * Disability income retirement security
      * Estate planning & irrevocable life insurance trusts
    * My Insurance
      * Find a dentist
      * Find a vision provider
      * Find a form
      * View a claim
    * Get Help
      * Help for individuals
      * Find a financial professional
   
   Peace of mind starts here
   
   Discover how insurance can help you protect what matters

 * Build your knowledge
    * Getting Started
      * Budgeting
      * Debt
      * Education
      * Financial planning
      * Investing
    * Living Your Life
      * Health care
      * Insurance
      * Markets and the economy
      * Taxes
      * Workplace benefits
    * Looking Ahead
      * Estate planning
      * Nearing retirement
      * Retirement income
      * Retirement planning
      * Social Security
   
   See all topics and articles

For Businesses
Search
Clear

SearchLoading


Close search
Log in Menu



ONLINE SECURITY POLICIES


SECURITY POLICIES

We protect your information in many ways—from ensuring that our buildings are
secure, to proactively preparing for disasters and business interruptions, to
using secure computing practices. Safeguarding your information’s
confidentiality, integrity, and availability is one of our highest priorities.

The information for the accounts you have with Principal Financial Group® is
kept secure and confidential through multiple security features and procedures.


OUR ONLINE SECURITY FEATURES HELP PROTECT DATA

The account information you request from our website can only be accessed with
your username, password and, in certain situations, unique verification codes.
It is your responsibility to keep your login information confidential.

 * Do not disclose your login information to anyone. Our employees and
   associates will never ask you for your password.
 * If you write your login information down, keep it in a safe place where
   others can't see it.
 * Contact us immediately to change your login information if you suspect
   someone has discovered it or if you have been informed your credentials were
   part of a data breach.

Information you submit through our website, as well as the information we send
back to you while you are visiting our website, is protected using strong
encryption when necessary. Our secure server software encrypts information,
ensuring that Internet communications through our website stay private and
protected.

To allow you to process transactions on our website, we use cookies. See what
types of information we collect by using cookies and spotlight tags.

Your account information is not permanently stored on our web server. The
information only resides on our web server while you are viewing the
information. It is, however, permanently stored on our secured corporate
computer systems and retained according to our company record retention policy.


SECURITY SOFTWARE KEEPS INFORMATION PRIVATE

To ensure the secure transmission of your confidential account information over
the Internet, we use a secure communications solution called Transport Layer
Security (TLS). All modern browsers support TLS, but if your browser does not,
you will receive a message indicating that your session cannot be completed
because of the security risk.

TLS establishes a secure connection between two computers (e.g., your browser
and our web server). It is used to implement HTTPS, the secure version of HTTP,
and is an open technology supported across various browsers. We require that you
use a TLS-enabled browser to communicate with the secure area of our site. You
know you are visiting the secure area of our site when the URL begins with
"https://".

We recommend using the most current browsers to ensure a high level of security.
Web browsers supported by Microsoft, Mozilla, Apple, and Google support the
latest versions of TLS. Older and less secure versions of TLS may no longer be
supported.


SECURITY HELPS PROTECT YOUR DATA

Customer access to web and mobile applications requires the use of unique
usernames and strong passwords. Principal uses adaptive authentication systems
to evaluate your location at the time of authentication and monitor historical
patterns of login locations. We also use additional login security features,
including:

 * Verification codes
 * Timed log-off


AN EXTRA LAYER OF SECURITY

For accounts that support it, we recommend using two-factor authentication,
which requires both your password and an additional code to log in to your
account. The code, or a random number generated by an application, is sent to
your phone. This helps protect your account information when logging in, in the
event your password is compromised.


WE LIMIT ACCESS TO YOUR COMPANY DATA

Principal has a formal, documented process to grant and revoke access to company
resources (systems, data, mobile, etc.) that is supported by administrative,
technical and physical controls. Our employees may not access or disclose
personally identifiable information for any reason except as authorized for
company-related business purposes.

 


OTHER WAYS WE PROTECT YOUR INFORMATION

 


OUR SECURITY PROGRAM: SAFEGUARDING YOUR INFORMATION

Principal has a comprehensive written Information Security Program that
safeguards information against unauthorized or accidental modification,
disclosure, fraud, and destruction.

 * Security policies and standards, are documented and available to our
   employees.
 * Collection of personal information is limited to business need and protected
   based on its sensitivity.
 * Employees are required to complete privacy, security, ethics, and compliance
   training.
 * Risk management processes and procedures are documented and communicated.


SECURITY ISSUES

How to Submit a Security Issue

Contact us to submit a security issue to Principal Financial Group. Please
include a description of the security issue. We may contact you with a request
for more information. 


BUSINESS CONTINUITY (BC) AND DISASTER RECOVERY (DR) PROGRAMS

We also have a BC and DR program. Critical business functions, processes, and
supporting applications have been identified and are regularly reviewed.
Appropriate response and recovery plans have been developed. Testing is
completed annually.

The basis for the program is professional best practices established by industry
organizations such as Disaster Recovery Institute International (DRII), Business
Continuity Institute (BCI), and International Organization for Standardization
(ISO).The technology recovery plan leverages geographically distant data
centers, while the incident management process facilitates response and recovery
activities by appropriately implementing plans if a disruptive event occurs.


ANTIVIRUS PROTECTION

All Windows servers and workstations have antivirus software installed, and
updates to definitions are applied frequently. Our information technology
managers review recurring reports to ensure compliance levels are met. All
alerts are reviewed by staff in the cyber defense operations center.


PATCH MANAGEMENT

We monitor for significant new vulnerabilities and attacks that have the
potential to affect our systems and apply patches and mitigations as
appropriate. We have a vulnerability management practice that regularly tests
our systems to ensure that they are not open to attack.


INCIDENT MANAGEMENT

We have processes to track, manage, and resolve all incidents. If a data
security incident is discovered, a response plan is promptly initiated and
executed. We adhere to all applicable state and federal disclosure laws.


CYBER SECURITY INSURANCE

Principal has cyber security insurance. Our policy provides Network Security and
Privacy Liability insurance coverage. It includes any network security or
privacy event discovered during the policy period affecting a majority-owned
member company of Principal and events originating from our third-party service
providers.


INDUSTRY COLLABORATION

Principal is a member of the Financial Services–Information Sharing and Analysis
Center (FS-ISAC). FS-ISAC is an industry forum for collaboration on critical
security threats facing the global financial services industry.


VETTING THIRD-PARTY SERVICE PROVIDERS

Principal has a defined Supplier Management Program, which includes processes
for vetting, selecting, and monitoring third-party service providers.
Third-party security profiles are completed when certain types of data are
provided to and/or stored at a third-party location. Additional risk assessments
may be completed based on the nature of the third-party service or solution
provided. For example, a separate risk assessment is completed if a third party
is granted access to our networks, systems, or data.


ADDITIONAL SECURITY PRACTICES

 * Call centers have procedures in place to help validate the identity of
   callers.
 * Regular training is conducted with our employees on how to detect fraudulent
   activities.
 * Strict standards that limit access to data are followed.
 * Regular testing of our security controls is performed.

If you have questions or comments regarding any of our security policies,
procedures, or practices, please contact us.


YOU CAN HELP PROTECT YOUR DATA, TOO

In addition to the steps we take to secure your account information, your
actions play a big part in protecting your data, too. 

Protecting your personal information can help reduce your risk of identity
theft. There are 4 main ways to do it:

 1. Know who you share information with
 2. Store and dispose of your personal information securely, especially your
    Social Security number
 3. Ask questions before deciding to share your personal information
 4. Maintain appropriate security on your computers and other electronic devices

Read more from the Federal Trade Commission about how to keep your personal
information secure. 


CHOOSE A SECURE PASSWORD

 * Choose passwords that are not a duplicate of other personal information
   (e.g., Social Security number, birth date, etc.)
 * Choose a password that is easy for you to remember, but difficult for others
   to guess. Do not use information about yourself that others can easily find
   out.
 * When possible, use a passphrase instead of a password, making it as long as
   you can without using any common phrases or quotes and include characters,
   numbers and upper and lower case letters.
 * Using a mobile device? We highly recommend setting a device passcode/password
   of at least 6 characters or using biometric features on your device.


PROTECT YOUR ACCOUNT NUMBERS, PINS, AND PASSWORDS

 * Never share your PINs, usernames, or passwords with anyone. Be cautious of
   emails or individuals who ask for this information. We will never ask for
   your personal password via email or telephone.
 * If you do need to write down login information, put it in a safe and secure
   place. Don’t carry this information in your wallet.
 * Identify one secure location in your home to store all of your financial
   records.
 * Do not use the same passwords across web sites, especially those sites that
   store and process financial information. If other sites are not secure, your
   password could be compromised.
 * Certain devices are eligible to enable biometric sign-on; an example is
   fingerprints. Use caution if you store multiple biometrics on your device,
   such as fingerprints from a spouse/partner or child, as those users could
   access mobile apps on your phone. This includes the Principal Mobile app when
   fingerprint is enabled.
 * Review and balance your account statements on a regular basis. Watch for any
   transactions showing unfamiliar payees and amounts you do not recognize.


PROTECT YOUR PERSONAL COMPUTER AND MOBILE DEVICES

Your personal computer

Your home computer is likely where you go online to check your accounts with us
and do business with other companies. That’s why it’s important to protect it
from viruses and spyware with antivirus software and frequently applied updates.
Most major software companies regularly release updates or patches to their
operating systems to prevent security problems. It’s a good idea to keep your
system and applications updated with the latest patches and releases.

Your mobile devices

Don’t forget about your smartphone and tablet—it’s just as important as a
personal computer.

Always activate a PIN or lock function for your device. This is the simplest and
most important thing you can do to ensure security on your mobile device,
especially if it’s lost or stolen.

Use caution when downloading apps. Avoid installing applications outside of the
Apple or Google app stores. Some apps can contain malware designed to steal your
personal and financial information. Before you install the app, review
permissions to decide if you’re comfortable granting the level of access
requested by that app. It’s also a good idea to read other user reviews and
comments to see if anything suspicious has been reported about the app.


PROTECT YOUR IDENTITY

Identity theft and identity fraud includes all types of crime where someone gets
and uses another person’s personal data in a way that involves fraud or
deception, usually for economic gain.

For more on how to protect your identity, read these tips from the Federal Trade
Commission and the IRS.


ONLINE SECURITY

Using a wireless network at home is convenient but leaving it unsecured is an
opportunity for cyber criminals to access and discover sensitive information.
Make sure you use a unique passcode so your family is the only one using the
network. You can also contact your wireless software vendor about stronger
encryption.

Read more from the Federal Trade Commission about online security. 


LOG OUT OF WEBSITES

After you sign into a website, remember to sign out. It's an easy step you can
take to ensure your information doesn't end up in the wrong hands.


CHECK YOUR CREDIT REPORT REGULARLY

We recommend checking your credit report regularly with each of the 3 major
credit bureaus.  You're entitled to one free copy of your credit report every 12
months from each of the three nationwide credit reporting companies. Order
online from annualcreditreport.com, the only authorized website for free credit
reports, or call 877-322-8228. You will need to provide your name, address,
social security number, and date of birth to verify your identity.

A credit report contains information on where you live, how you pay your bills,
and whether you've been sued, arrested, or filed for bankruptcy. Nationwide
consumer-reporting companies sell the information in your report to creditors,
insurers, employers, and other businesses that use it to evaluate your credit.


IF YOU EXPERIENCE FRAUD OR SUSPECT A BREACH OF AN ACCOUNT

Call our fraud hotline at 800-642-3788 or report unethical or fraudulent
activity online.



--------------------------------------------------------------------------------


About us Investor relations News room Sustainability Insights Careers Global
jobs Financial professional opportunities Internships Recent graduates For
dental providers For financial professionals Principal Asset Management



COOKIES ACCEPTANCE



By clicking “Accept all”, you agree to storing cookies on your device to enhance
site navigation, analyze site usage, and assist in our marketing efforts. More
information can be found by clicking "Manage cookies".

View our Global Privacy Statement



Manage cookies Accept all



PRIVACY PREFERENCE CENTER

When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. These “cookies” of information might be
about you, your preferences, or your device, and they’re mostly used to make the
site work as you expect it to. Cookies don’t usually directly identify you, but
they can give you a more personalized web experience. Because we respect your
right to privacy, you can choose not to allow some types of cookies. Click on
the category headings to read more or change your default settings. (Note:
Blocking some types of cookies may impact your experience on our site, as well
as the services we can offer you.)
More information
Accept all


MANAGE CONSENT PREFERENCES

STRICTLY NECESSARY COOKIES

Always active

These cookies are necessary for our website to function and can’t be switched
off in our systems. They’re set for you behind the scenes when you do things
such as log in, fill out forms, make a request for services, or set your privacy
preferences. You can set your browser to block or alert you about these cookies,
but some parts of our site won’t work without them.

Cookies Details‎

PERFORMANCE COOKIES

Performance Cookies

These cookies allow us to count how many times people visit our website, and how
they get here, so we can measure and improve its performance. They show us which
pages are the most (and least) popular, and how visitors move around on the site
when they’re here. If these cookies are, we have less information about how to
improve our sites that will be useful to you.

Cookies Details‎

FUNCTIONAL COOKIES

Functional Cookies

These cookies enable our website to work smoothly and in a manner personalized
to you. They may be set by us or by third-party providers whose services we’ve
added to our pages. For example; downloading a customer service form using PDF.
If these cookies are blocked, then some or all of these services may not
function.

Cookies Details‎

MARKETING COOKIES

Marketing Cookies

These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant advertisements on other sites. If these cookies are blocked, you will
experience less targeted advertising.

Cookies Details‎

SOCIAL MEDIA COOKIES

Social Media Cookies

These cookies are set by a range of social media services that we have added to
the site to enable you to share our content with your friends and networks. They
are capable of tracking your browser across other sites and building up a
profile of your interests. This may impact the content and messages you see on
other websites you visit.    If you do not allow these cookies you may not be
able to use or see these sharing tools.

Cookies Details‎
Back Button


BACK



Search Icon
Filter Icon

Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

 * 
   
   View Cookies
   
    * Name
      cookie name

Confirm my choices