GOVERNANCE / GLOBAL ETHICS & COMPLIANCE Juan Gomez-Sanchez , Global Information Security Officer “It has become ever more important for organizations to understand cybersecurity, data privacy, crisis management and how all of that relates back to the business, so we can perform security at the speed of business. We’re focused on maturing our security capabilities and elevating our global security posture. ” Gomez-Sanchez joined Whirlpool Corporation in 2021 with more than 28 years of experience in information security, including roles at Delta Airlines, CheckFree Corporation (now Fiserv), Florida’s Turnpike Enterprise and most recently at Lennar Corporation, where his responsibilities encompassed all physical and cybersecurity initiatives. He is an industry-recognized thought leader and subject matter expert on various security-related domains to include Cyber Risk Management, Cyber Ethics and positioning security as a business enabler. Cybersecurity & Data Privacy We respect privacy. We want to earn and keep trust. We work hard to protect any personal information shared with us. We recognize the sensitivity of personal information, so we only seek personal information that we need for legitimate business or legal purposes, and only use it for purposes disclosed to consumers. Equally important is our need to manage cybersecurity risk efficiently. To this end, we continue to invest in protecting our information assets and the integrity of our computing environment at the enterprise level. We have a cybersecurity and privacy training program that includes training, simulated phishing exercises and regular publications on our company portal. We have a Privacy program that manages compliance to privacy regulations globally. Our security monitoring and incident response functions are managed centrally by our Global Security Operations Center and we continue to mature our security capabilities in support of our business imperatives. Our Board is responsible for overseeing and holding senior management accountable for our global information security and privacy programs. This includes understanding our business needs and associated risks, and reviewing management’s strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives reports on cyber program effectiveness periodically, and the Board of Directors receives a full presentation at least annually on cybersecurity-related trends and program updates. In 2021, we elevated our Chief Information Security Officer role to a vice president-level position as a direct report to the Global Chief Information Officer to further focus on the strategic intent of the cybersecurity and Privacy programs. Whirlpool Corporation / 2021 SUSTAINABILITY REPORT 89