Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We recognize the importance of protecting consumer and employee data and maintaining the safety and security of our information systems. We identify, assess and manage material risks on an enterprise basis through our global enterprise risk management (“ERM”) program. We maintain a cybersecurity program designed to help detect, identify, classify and mitigate cybersecurity and other data security threats, which is aligned to and informed by our ERM program. Our cybersecurity program takes into consideration, among other things, compliance requirements, risks to our revenue channels, risks posed by third-party engagements, consumer and employee data security and global enterprise security. We engage independent third parties to conduct periodic and risk-based penetration testing and targeted security audits of our information systems. In addition, we engage a third-party vendor to conduct 24/7 monitoring of cybersecurity alerts. In the event we identify or are notified of a potential cybersecurity, privacy or other data security incident, we have a data incident response plan that defines procedures for responding to such incidents, including guidelines regarding when and how to engage with our executive leadership team, our Board of Directors, other stakeholders and law enforcement, as applicable. We also maintain cyber liability insurance to help defray financial losses arising out of a cyber security incident; our insurance, however, may not cover all types of cybersecurity incidents or all losses that we incur. We have adopted, and periodically review and update, as appropriate, information security and privacy notices, policies and procedures. We maintain annual cybersecurity and data privacy training for all employees with access to our corporate systems. In addition, as part of our Payment Card Industry Data Security Standard compliance, we maintain annual role-based training on protecting payment card information for all relevant employees. We conduct proactive incident preparedness activities focused on cybersecurity risks and business continuity, such as annual table-top exercises with our senior management, as well as periodic phishing simulations to test our employees’ responses to suspicious emails. We utilize third-party service providers as a part of our day-to-day business operations. Certain of the networks and systems used to conduct our operations are managed by such third-party service providers and are not under our direct control. To address cybersecurity risk to our operations arising from our relationships with third-party service providers, we maintain a third-party risk management program, which includes cybersecurity and data privacy assessments during vendor onboarding to identify and classify risk based on several factors, including the type of data handled by the third-party service provider and the potential impact to our business if there were a significant disruption to the third-party service or system.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We identify, assess and manage material risks on an enterprise basis through our global enterprise risk management (“ERM”) program. We maintain a cybersecurity program designed to help detect, identify, classify and mitigate cybersecurity and other data security threats, which is aligned to and informed by our ERM program. Our cybersecurity program takes into consideration, among other things, compliance requirements, risks to our revenue channels, risks posed by third-party engagements, consumer and employee data security and global enterprise security. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board has delegated primary responsibility to oversee the management of risks related to information technology use and protection, including cybersecurity and data privacy, to the Audit Committee, while retaining oversight of management's overall approach to risk management. The Audit Committee receives regular reports regarding our cybersecurity risks through two annual briefings by senior management, including our Chief Information Security Officer ("CISO") and head of data privacy, and additional periodic updates as appropriate. At each Board meeting, the chairperson of the Audit Committee and the Corporate Secretary report on the Audit Committee’s activities, including risk management, which provides an opportunity to discuss significant cybersecurity risks with the full Board. Our CISO leads our global cybersecurity team and is responsible for the oversight and execution of our cybersecurity program. Our current CISO has served in various roles in information technology and information security for over twenty years, including at our Company since 2013. He holds an MBA and a Certified Information Systems Security Professional certification. Our CISO reports to our Chief Technology Officer, who reports to our Chief Executive Officer.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CISO leads our global cybersecurity team and is responsible for the oversight and execution of our cybersecurity program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee receives regular reports regarding our cybersecurity risks through two annual briefings by senior management, including our Chief Information Security Officer ("CISO") and head of data privacy, and additional periodic updates as appropriate. |
| Cybersecurity Risk Role of Management [Text Block] | Our CISO leads our global cybersecurity team and is responsible for the oversight and execution of our cybersecurity program. Our current CISO has served in various roles in information technology and information security for over twenty years, including at our Company since 2013. He holds an MBA and a Certified Information Systems Security Professional certification. Our CISO reports to our Chief Technology Officer, who reports to our Chief Executive Officer.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Board has delegated primary responsibility to oversee the management of risks related to information technology use and protection, including cybersecurity and data privacy, to the Audit Committee, while retaining oversight of management's overall approach to risk management. The Audit Committee receives regular reports regarding our cybersecurity risks through two annual briefings by senior management, including our Chief Information Security Officer ("CISO") and head of data privacy, and additional periodic updates as appropriate. At each Board meeting, the chairperson of the Audit Committee and the Corporate Secretary report on the Audit Committee’s activities, including risk management, which provides an opportunity to discuss significant cybersecurity risks with the full Board. Our CISO leads our global cybersecurity team and is responsible for the oversight and execution of our cybersecurity program. Our current CISO has served in various roles in information technology and information security for over twenty years, including at our Company since 2013. He holds an MBA and a Certified Information Systems Security Professional certification. Our CISO reports to our Chief Technology Officer, who reports to our Chief Executive Officer.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our current CISO has served in various roles in information technology and information security for over twenty years, including at our Company since 2013. He holds an MBA and a Certified Information Systems Security Professional certification. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Board has delegated primary responsibility to oversee the management of risks related to information technology use and protection, including cybersecurity and data privacy, to the Audit Committee, while retaining oversight of management's overall approach to risk management. The Audit Committee receives regular reports regarding our cybersecurity risks through two annual briefings by senior management, including our Chief Information Security Officer ("CISO") and head of data privacy, and additional periodic updates as appropriate. At each Board meeting, the chairperson of the Audit Committee and the Corporate Secretary report on the Audit Committee’s activities, including risk management, which provides an opportunity to discuss significant cybersecurity risks with the full Board. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |