Data Governance and Privacy

As the custodian of the personal data of a vast customer base, ICICI Bank prioritises data protection and privacy as part of its commitment to responsible banking. The Bank takes steps to ensure that such data is processed in compliance with applicable laws. The Bank ensures that its data privacy framework is aligned with the changes in the regulatory landscape and the digital ecosystem.

The Bank emphasises the protection of customer data and compliance with all the applicable privacy laws across the jurisdictions in which it operates, in India and abroad. It follows a centralised, integrated strategy to drive such compliance. As an additional measure, the Bank has established certain principles for handling customer data. Employees can report any personal data-related incident through a well-defined mechanism that is easily accessible to them.

Any breach of personal data reported through the Bank’s service request system is thoroughly investigated. The collective investigation report of all such incidents is presented to the Bank’s Personal Data Incident Handling Forum (PDIHF) each month.

PDIHF includes DPO and senior members from Information Security, Operational Risk, Fraud Management, HR, and Compliance & Legal teams.

(Best viewed on desktop)

Designated data protection managers/representatives ensure the proper implementation of the Data Standard across business functions and at each overseas location.

In compliance with privacy regulations, the Bank has adopted a series of initiatives to ensure the protection of customers' personal data throughout their lifecycle. These include categorisation of all personal data and sensitive personal data as ‘Confidential Information’; maintenance of records of all processing activities; undertaking non-disclosure and confidentiality agreements with employees and third parties who are privy to the personal data of customers; and providing customers with the option of exercising various rights which they enjoy under applicable data protection regulations and incident handling procedures.

The Bank deploys several technical and organisational measures to ensure the safety and protection of all the personal data processed across its offices, branches, etc. This is done through various policies, processes and controls, which include physical access control, encryption, impact assessment of data protection, and providing training to the Bank's employees, as per the Bank’s Personal Data Protection Standard (Data Standard). The Bank updates the Data Standard periodically to cover the personal data protection regulatory requirements as applicable to the Bank in India and its overseas offices, in line with any changes in data protection laws and regulations.

The Bank has also established a Privacy Steering Committee to oversee various privacy-related initiatives. The Code of Business Conduct and Ethics provides detailed guidelines with regards to customer privacy and confidentiality of data.

A robust governance framework for data privacy management is in place at the Bank. The DPO oversees all data privacy related developments as a data processor for international banking businesses and as a data controller/data fiduciary for the Bank’s activities in India.