ICICI Bank is committed to protecting the privacy of individuals whose personal data it holds, and processing such personal data in a way that is consistent with applicable laws. It is important for employees and businesses to protect customer data and follow the applicable privacy laws in India and overseas locations to ensure safety and security of data. We believe that the data privacy framework should be in line with the evolving regulatory changes and digital transformation.
The Bank has a global presence in several overseas jurisdictions including Hong Kong, Singapore, United States, United Kingdom, Canada, China, Dubai International Financial Centre and Bahrain. We are committed to ensuring compliance with applicable laws across these jurisdictions. We have an integrated and centralised strategy for achieving data privacy compliance across all jurisdictions. A set of principles have been defined with respect to handling customer data. There is a mechanism in place for reporting any form of personal data incident which is accessible to all employees in the Bank. The Personal Data Incident Handling Forum (PDIHF) comprises the Data Protection Officer (DPO) and senior members from the Information Security Group, Operational Risk Management Group, Fraud Management Group, Human Resources, Compliance and the Legal Team. Any kind of personal data related incidents reported through the service request undergoes a detailed investigation and report of the same is presented to PDIHF on a monthly basis.
The Bank periodically updates its Personal Data Protection Standard to cover the personal data protection regulatory requirements for the Bank and its overseas offices to reflect the changes in data protection laws and regulations.
Privacy regulations require the personal data of customers to be protected throughout its entire lifecycle. Accordingly, the Bank has undertaken several comprehensive measures such as categorising all personal data and sensitive personal data as ‘Confidential Information’, keeping record of all its processing activities, entering into non-disclosure and confidentiality agreements with employees and third parties who are privy to personal data of the customers and providing customers the option to exercise various rights which they enjoy under applicable data protection regulations and incident-handling procedures.
There are e-learning modules specifically on personal data and its protection to build awareness among our employees.
The Bank’s Data Protection Officer (DPO) oversees all privacy-related developments for the Bank as a dataprocessor for international banking business and as a data controller for NRI and remittance businesses. Various data privacy awareness initiatives and periodic trainings are conducted by the Data Privacy team.
A Privacy Steering Committee meets every quarter, and oversees various privacy-related initiatives. Further, the Bank’s Code of Business Conduct and Ethics covers guidelines on customer privacy and confidentiality of data.