Data Privacy and Governance
We are committed to meeting industry best practices and to complying with the Personal Data Protection Act of Thailand. Banks such as UOB Thailand and other financial institutions host important and sensitive information about customers and ensuring data privacy is essential to our customers maintaining their trust in us.
Personal data protection policy
We have policies and processes in place to ensure the confidentiality and security of our customers’ information, including our Personal Data Protection Policy. In tandem with rising international data privacy standards, we also conduct regular reviews on our policies and processes to strengthen our data privacy practices.
Data protection officers
Line data protection officers at functional and business levels in Thailand ensure that personal data is safeguarded. These officers provide support to the Data Protection Officer, i.e. supporting compliance with local regulations and requirements and assist in the investigation of alleged breaches as and when required.
The Data Protection Office reviews any incidents and consider whether the incidents need to be reported and/or affected persons notified. Significant incidents are escalated to relevant senior management committees and the Franchise Data Protection Officers, who in turn report to the Operational Risk Management Committee. Breach reporting and data leakage protocols are clear and designed to ensure timely breach management and mitigation of harm to data subjects. Post-incident action plans are pursued to closure to address any weakness in process that resulted in the incidents.
Data ethics and quality
UOB Thailand’s Enterprise Data Governance and Data Quality team governs the data life cycle from creation and consumption to eventual deletion. This function brings together subject-matter experts from across UOB Thailand to focus on the continual improvement of data health, powered by innovations in processes and technology. Data privacy impact assessments are integral to our business and product development process to ensure that data protection is embedded in the services we provide and in every aspect of our operations.