HomeCustomersData Privacy
Data Privacy

Data Privacy

We respect and safeguard the privacy and rights of our customers throughout our services and across our operations.

Protecting personal data and privacy

 

Data protection at UOB is interwoven into various policies and guidelines, which apply Group-wide and are approved by senior management committees. These include the UOB Code of Conduct, reviewed annually by the Bank’s Human Resources Committee, as well as the following policies reviewed annually by the Operational Risk Management Committee (ORMC):

  • the Group Information Technology Security Management and Cyber Resiliency Policy;
  • the Group Operational Risk Management Policy; and
  • the Enterprise Data Governance Policy.

Our policies and processes reflect our respect of our customers’ interests and preferences. We are committed to honouring their privacy rights, including providing:

  • channels for feedback such as email, online contact forms and phone hotline; and
  • access to and correction of personal data, as well as issue resolution.

We also have processes in place to ensure timely resolution of grievances.

UOB’s Privacy Notices, privacy and security practices and the contact details of the Bank’s Data Protection Officer are publicly available online on the UOB Privacy and Security webpage. Through regular mandatory training, we ensure that our people understand the importance of upholding data privacy and are kept abreast of the Bank’s policies and processes.

Personal Data Protection Policy

 

UOB’s Personal Data Protection Policy sets out the structure for compliance with the Singapore Personal Data Protection Act 2012. This policy is reviewed annually by the ORMC. The policy’s principles are:

  • Personal data must only be collected and used for purposes the customer has consented to, or as may be permitted by law;
  • Personal data is used responsibly in accordance with our ethical standards and corporate values;
  • Access and disclosure are subject to strict controls;
  • Integrity and security of personal data are paramount; and
  • Personal data that is no longer required for legal or business purposes must be anonymised or destroyed, in accordance with document retention policies.

Data Leakage Incident Management

 

Our Data Leakage Incident Management Procedures also provide guidance for the handling of any data breaches. Second Line functions, including Group Operational Risk Management and Group Compliance, and the Data Protection Office independently review data leakage incidents. Incidents are assessed for potential breaches and/or if affected persons need to be notified. Clear data leakage escalation and reporting protocols are designed to ensure timely breach management and mitigation of harm to data subjects. Post-incident action plans are pursued to closure to address any weaknesses in process that may have resulted in the incidents. Any misconduct relating to breach of confidentiality will be subject to disciplinary action as appropriate.

Data ethics and quality

 

UOB’s Enterprise Data Governance and Quality team from the Data Management Office and Analytics Transformation Office (DMOATO) governs the data life cycle from creation and consumption to eventual deletion. This function brings together subject-matter experts from across UOB to focus on the continual improvement of data health, powered by innovations in processes and technology.

Our multi-disciplinary Artificial Intelligence (AI) Ethics and Model Governance Taskforce formulates and guides the governance of the non-risk tiered models, and the integration of the Monetary Authority of Singapore’s (MAS) Fairness, Ethics, Accountability and Transparency (FEAT) principles in the design and validation of the Bank’s key artificial intelligence (AI) and analytical models.

UOB’s Data Management Committee provides oversight on data governance and privacy initiatives. Chaired by the Chief Data Officer, this committee comprises senior representatives from DMOATO, Group Technology and Operations, Group Compliance, Group Risk Management, Group Human Resources, Group Finance and Corporate Services, as well as the business segments and functions.

It supports the ORMC in overseeing the regulatory and operational risks around the data lifecycle across the domains of data ethics, data sharing, metadata, data protection and confidentiality, and data quality.

Related

Fair Dealing

Fair Dealing

We put our customers and their financial goals first as we grow our business through conscious and concerted efforts across our entire franchise.

Information security

Information security

We protect our data and assets from potential cybersecurity risks and threats, ensuring reliable and efficient services for our customers.

Financial inclusion

Financial inclusion

We are committed to making our banking products and services accessible and affordable.

Related