Data Governance and Privacy

ICICI Bank is committed to protecting the privacy of individuals whose personal data it holds, and to processing such personal data in a way that is consistent with applicable laws. It is important for employees and businesses to protect customer data and follow the applicable privacy laws in India and overseas locations to ensure the safety and security of data. We believe that the data privacy framework should be in line with the evolving regulatory changes and digital transformation.

The Bank is committed to ensuring compliance with applicable laws across the jurisdictions in which it operates. It has an integrated and centralised strategy for achieving data privacy compliance across all jurisdictions. A set of principles has been defined with respect to handling customer data. There is a mechanism in place, which is accessible to all employees in the Bank, for reporting any form of personal data incident. The Personal Data Incident Handling Forum (PDIHF) comprises the Data Protection Officer (DPO) and senior members from the Information Security Group, Operational Risk Management Group, Fraud Management Group, Human Resources, Compliance and the Legal Team. Any personal data-related incident reported through the service request mechanism undergoes detailed investigation, and an aggregated report is presented to PDIHF monthly.

As per its Personal Data Protection Standard (Data Standard), the Bank ensures that all personal data it processes is kept secure using appropriate technical and organisational measures, including necessary policies, processes and controls, which include physical access control, encryption, data protection impact assessment and providing training to the Bank's employees. The Bank periodically updates the Data Standard to cover the personal data protection regulatory requirements as applicable to the Bank in India and its overseas offices and to reflect the changes in data protection laws and regulations.

Privacy regulations require the personal data of customers to be protected throughout its entire life cycle. Accordingly, the Bank has undertaken several measures such as categorising all personal data and sensitive personal data as ‘Confidential Information’, keeping a record of all its processing activities, entering into non-disclosure and confidentiality agreements with employees and third parties who are privy to personal data of customers and providing customers the option to exercise various rights which they enjoy under applicable data protection regulations and incident handling procedures.

The Bank has established a strong governance framework for data privacy management. The Bank’s DPO oversees all data privacy-related developments for the Bank as a data processor for international banking business and as a data controller/data fiduciary for its banking activities in India. The Bank has designated data protection managers/representatives from each business function and at each overseas location to ensure the proper implementation of the Data Standard.

A Privacy Steering Committee oversees various privacy-related initiatives. Further, the Bank’s Code of Business Conduct and Ethics covers guidelines on customer privacy and confidentiality of data.