Data Privacy

What is privacy?
Privacy is “the right to control access to information about oneself. The right to privacy means that
the individuals get to decide what and how much information to give, to whom to give and for what
purposes.”

Privacy can be classified as: 2 • Communication privacy • Physical privacy • Organizational privacy,
and • Information privacy

What is data privacy?

Personal Information
Data privacy is imposed on Individual and Corporate information of ICICI bank.

Individual: Any identifiable information about the Individual customer is personal information.
Corporate: In case of corporates, any information t Corporate hat is not available in the public
domain however, it is shared with ICICI Bank and stored in any format becomes personal
information, such as passwords, hint question, and hint answer.

Any identifiable information about an individual held in any format is personal information. Let us
now learn about different classifications of personal information. Personal information is categorized
as: • Personal details • Family details • Financial details • Employment details • Sensitive personal
information

Personal Details

The following details are classified as personal details: • Name and address 3 • Contact details •
Date of birth • Age, sex and ethnicity • National insurance number • Passport number

Family Details

The following details are classified as family details: • Marital status • Next of kin • Travel habits •
Leisure activities • Club membership details

Financial Details

The following details are classified as financial details: • Income • Salary • Bank account •
Investments • Credit history • Loans • Insurance details

Employment Details

The following details are classified as employment details: • Career history • Recruitment CV •
Attendance record • Sickness record • Performance and appraisal records • Disciplinary and
grievance records

Sensitive Personal Information

Privacy Breach
What will happen if personal information gets leaked?

If the personal information will get leaked, it will cause privacy breach. Privacy breach is
unauthorized access or collection, use or disclosure of personal information. Any privacy breach can
cause extensive damage to the reputation of the bank. Therefore, it is very important to safe guard
the personal information of the customer. Most common causes of privacy breach are: • Stolen, lost,
or mistakenly disclosed information. • Faulty business procedure or operational break down.

Scenario 1: A user called ICICI Bank and enquires about the name mentioned in his bank’s records
after successfully verifying the mobile number. Is it breach of privacy? Yes, it is breach of Privacy as
anyone can have access to the mobile number.

Scenario 2: A user calls ICICI bank and asks for account number after furnishing required verification
details, such as residential address and phone number. Is compromise of account number a breach
of privacy? Yes, it is breach of Privacy as anyone can have access to the mobile number.

Scenario 3: A customer calls ICICI bank to update the personal details. However, before updating
new details, he/she enquires about the current details, such as customer name and gender. Is it
breach of privacy? Yes, it is breach of privacy as a genuine customer will always know the details that
he/she would have given to bank.

Scenario 4: Some details such as, customer name, gender, and age are compromised. Is it a breach
of privacy? Yes, it is breach of Privacy as it is bank’s secured information.

Key Privacy Principles

How does ICICI Bank imposes security on secured customer information?

To safe guard customer’s information, ICICI bank has defined the following key privacy principles: •
Accountability • Purpose • Consent • Relevance • Disclosure • Accuracy and • Safe guarding of data

Accountability

The bank is responsible for processing and storing the personal information collected in accordance
with the applicable requirements.

Purpose

• The bank should identify the purpose at or before the time of collection. • The bank must
document why the information is collected. • The bank must inform the individual of whom the
information is collected and why the information is needed.

Consent

• Consent should be obtained at the time of collection of personal information. • Consent must be
obtained every time a new use of the information is identified.

Relevance
This means that collect only relevant information that is directly required to serve the identification
purpose.

Non-Disclosure

Customer or employee personal data should not be disclosed to anyone, including other employees,
if they are not authorized to receive it. The following are the exceptions: • Where the disclosure is
authorized by the customer • Where disclosure is under compulsion of law • Where there is duty to
the public to disclose • Where interest of bank requires disclosure • Where the disclosure is made
with the expressed or implied consent of the customer

Accuracy

Keep the personal information of the customer and the employee complete and up to date as
necessary. The measures to keep the data updated are: • While accepting the customer’s application
and other service requests, make sure that the handwriting is readable and mandatory fields are
completed. • Be cautious while entering, amending customer’s or employee’s information in the
system. • Be cautious while adding any additional notes in customer or employee’s files.

Security

Organizational security measures and policies should be strictly maintained to protect personal
information against the following: • Loss or theft • Unauthorized access, disclosure, use, copying •
Destruction Personal, customer and employee data needs to be stored and treated with utmost care
and security.

Benefits and Risks

Benefits:

The following are the benefits of ensuring the security of customer’s or employees’ personal
information: 1. Builds customer confidence and trust 2. Increases customer satisfaction 3. Creates
brand differentiator

Risks:

The following are the security risks of losing customer’s or employee’s personal information: 1.
Reputational risk and brand damage 2. Customer dissatisfaction 3. Fines, Compensation claims,
prosecution, and so on.

Do’s and Don’ts for Data Privacy

Follow these do’s to ensure data privacy:

• Shred confidential customer data if not required • Retain sensitive personal data in safe custody
only till it is necessary • Keep your desks and soft boards clear of customer data • Lock your drawers
and cabinets • Delete records of personal data held in laptops or PCs that are not needed for
business use • Secure your laptops and desktops with the help of IT team • Exercise caution during
inter-judicial file transfers • Send personal data only through password protected files
Don’ts

Follow these don’ts to ensure data protection:

• Send emails containing sensitive data, such as name account numbers, and balance outstanding in
unprotected spreadsheet formats. • Keep PCs or laptops unlocked • Leave confidential documents
on unattended printers • Send emails that contain personal data in subject headings • Share
customer personal data with friends or family • Share your System password with your peers