The purpose of this terms of business is to outline the governance and control frameworks that Loock Advisory has put in place to ensure the proper usage and protection of client confidential information. This applies across all Loock Advisory service areas, and is intended for both internal and external stakeholders.

This code of practice defines the rules, procedures, and safeguards that Lock Advisory has implemented to ensure the protection, security, and proper handling of sensitive or confidential client information - including when using AI technologies.

We are fully committed to providing excellent service to our clients, which includes a firm commitment to maintaining the confidentiality of client sensitive information and ensuring data security in all aspects of our service delivery.

Management and organization procedures

At Loock Advisory, we take a rigorous, group-level approach to corporate governance and compliance procedures. Our brands operate under a common global framework of policies and procedures, which is supported by Loock Advisory's global executive leadership, market leaders, functional leaders, risk management processes, compliance reviews, training, and both internal and external audits.


These controls are relevant to all Loock Advisory clients, but can be particularly important for clients where we also represent competitors whose products or services compete for market share, either geographically or within a specific sector. In these cases, we can define and implement specific controls and measures with the client to protect the security and confidentiality of their information.

Rather than relying on brand or physical separation, Loock Advisory manages and mitigates any risks in this area through the implementation of these comprehensive control measures. Our business operates under a common information security framework and follows standard procedures to support team separation (where appropriate) and maintain confidentiality obligations to clients across all our global and specialist brands.

Confidentiality and prevention of unauthorized access

All commercially sensitive information provided to us by a client in relation to their business is held in confidence and remains the property of the relevant client. This may include marketing information, new product information, pricing strategies, market and media research, personal data, and media, creative or customer experience planning information. The maintenance of confidentiality is a matter of priority and we ensure at a minimum we meet the formal provisions of our client contracts.
Loock Advisory will use, access and share client specific media, creative or audience level data or information solely in connection with the services provided to the client.

No confidential client information is disclosed to any third party without the written permission of the client, unless required by law, regulation or a court order. All paper records are kept secure, with access available only to the relevant client service team and a clear desk policy must be operated across all Loock Advisory jurisdictions. Information asset owners must ensure appropriate document retention guidelines are applied to historic client records (paper and electronic) in accordance with relevant accounting practices, local law and client agreements (where defined).

We have security measures in place to prevent unauthorized electronic access to computer systems containing client information. Access to client information is subject to authorization by designated client account approvers or service owners.

Employees are not permitted to discuss, access, or utilize a client's confidential information in any physical spaces, whether within Loock Advisory's own facilities (e.g. cafeterias, elevators, lobby areas) or outside of them, unless they have taken appropriate measures to prevent the inadvertent disclosure of the client's confidential information. Any social media posts related to clients must be made in line with the client's instructions and Loock Advisory's Social Media Policy. When working with third-party providers engaged to support client activities, we ensure that appropriate levels of security are in place, and that they are aligned with our policies and the client's security requirements.

Personnel and staff confidentiality protocols

All new staff members are educated on the importance of client confidentiality and made aware of Loock Advisory's relevant policies and procedures. This training supplements the initial onboarding process. Confidentiality requirements are included in all employment contracts as well as contracts with third-party partners. Client service and information owners must ensure that access to client information is restricted only to the relevant teams and individuals who have a legitimate business need. They must also regularly review and remove access when it is no longer required.


Any Loock Advisory personnel who fail to comply with policies related to data privacy and security will be subject to disciplinary procedures, up to and including termination of employment. All Loock Advisory personnel have an obligation to comply with this Code of Practice and the associated confidentiality terms.

External contacts

Without prior approval from the client, we do not make any contact with or provide comments to journalists regarding a specific client, nor do we issue press releases or share details of a client's marketing activities with journalists. All inquiries from journalists must be reported to and managed by the local CEO or designated senior management. Employees are not allowed to discuss client activities, however informally, with friends, family, colleagues, or any third parties not involved in providing services to that client.


When speaking with media owners, we will not divulge details of a client's strategic ambitions without the client's prior approval. To protect our clients, we only support and encourage them to work with third-party auditors and consultants who can demonstrate adherence to professional standards and best practices regarding data handling, confidentiality, and security.

Governance and compliance

We commit significant resources to ensure the consistent and effective implementation of industry-leading compliance and governance procedures across our businesses. This includes robust security and confidentiality safeguards. Our undertakings include: A world-class global compliance program that is verified by our internal and external auditors and includes a dedicated and experienced global ethics and compliance team. A global client contract compliance program with 1st, 2nd and 3rd lines of defense designed to assure compliance with client contract obligations. This is supported by appropriate local, regional and global monitoring and governance frameworks.


Security procedures that are periodically reviewed and kept up to date to meet the confidentiality needs of our clients and align with best practices. A clearly defined and published escalations process that demands any incident adversely affecting the security or confidentiality of Loock Advisory or client information is escalated and addressed with appropriate urgency. Periodic audits using local, regional and global management teams to validate the effective operation of these procedures, including assessments of third-party suppliers where necessary.

A whistleblowing policy that allows staff to confidentially report any non-compliance or wrongdoing within our organization. A robust and continuous training and awareness-raising program for all Loock Advisory employees covering our Code of Conduct, internal policies and compliance requirements.