Privacy and data security

Safeguarding the data within our stewardship throughout its lifecycle and ensuring ongoing compliance with data protection regulations globally remains a key priority for Credit Suisse. At the time of collection, we make transparent to individuals through a range of appropriate Privacy Statements what data is being collected, for what purpose, and how it will be used. Supported by training annually for all employees, our Data Confidentiality, Protection and Privacy Policy sets out the principles of how data should be used and protected, requiring strict adherence to the “Need to Know” principle. We operate a series of controls to provide further protection assurance, including robust validation of system access and obligations on third-party vendors who may have data access. Should a data loss incident occur, we assess the resulting risks to individuals and take action as appropriate. Under the stewardship of the Data Protection Officer, reporting under this framework is embedded into governance groups at the highest level of management, comprising legal entity boards of directors and the Data Protection Sub-Committee of the Executive Board, to provide the necessary management oversight.