Working Paper
Citigroup's commitment to protecting the privacy of customer information is key to maintaining our 200 million consumer accounts around the world.
Elements of our Privacy Programs
Privacy for customers remains a priority for Citigroup. Our goal is to maintain their trust and confidence when handling personal information. Since 1998, when Citigroup launched its consumer privacy program, a variety of privacy and data protection laws have been enacted in the U.S., Europe, Japan, Canada and other markets where Citigroup operates.
In 2006, Citigroup updated its Consumer Privacy Program to model it more closely on those changing laws and regulations and on meaningful choices we can provide to customers. This privacy program update also maintains Citigroup's ongoing commitment to physical, electronic and procedural safeguards to protect personal information.
Citigroup's updated privacy program highlights two critical aspects of privacy - customer choice and security of a customer's personal information:
Customer choice: Citigroup would like to encourage customers to make choices that enable us to provide them with quality products and services that help meet their financial needs, while still maintaining their confidence about how personal information about them is shared.
Commitment to security: Citigroup remains fully committed to physical, electronic and procedural safeguards that meet or exceed applicable laws related to protecting personal information.
Citigroup follows the many laws and regulations directed toward privacy and information security. We also adhere to our own high standards, including the Citigroup Code of Conduct, Citigroup Information Technology Management Policy, Citigroup Information Security Standards, Citigroup Policy on Confidentiality of Information, and Corporate Physical Security Standards.
Monitoring and Compliance
Each Citigroup consumer business has named a privacy officer to develop, implement, and monitor privacy policies and practices that are appropriate to that business. Self-assessment and audit procedures exist to confirm that employees and Citigroup businesses meet their obligations under our Privacy Program.
Control Over Information Collected and Used
The information we collect includes:
- Information customers provide on applications or other forms to identify themselves and to qualify for products.
- Information about customer transactions, such as whether they pay bills on time and information about their deposits, withdrawals, written checks, credit card transactions, or other actual events.
- Information we receive from others, such as credit bureaus and appraisal companies.
We require a great deal of information to provide the services our customers want. For example, we use customer information to provide timely and accurate account information, resolve problems, protect against fraud, offer advice, and enhance services.
Ensuring Customer Protection when Using Third Parties
Whether we hire companies to supply support services under our control or to provide our customers with additional product choices, we choose companies that share our respect for privacy and information security. Our privacy standards are incorporated into our contracts when we hire outside companies - including mailing and printing vendors - that may need access to certain customer data. We enforce this standard by requiring these companies to have appropriate policies and procedures. We also monitor them for compliance with our confidentiality agreements and contract provisions. We review companies before we hire them and audit their activities from time to time. Reviews may include on-site visits.
A Closer Look at Privacy Regulations: The Financial Modernization Act (U.S.)
In 1999, the Financial Modernization Act (formally the Gramm-Leach-Bliley Act) was signed into law. This Act authorized many important changes in financial services in the United States that make it possible for companies like Citigroup to offer customers a wide range of products and services from a single family of companies. In addition to sweeping changes, the Act also established new privacy requirements for all financial services companies.
These include requirements to:
- Establish comprehensive information security programs.
- Disclose privacy practices, both when accounts are established and annually thereafter.
- Allow customers to opt out of disclosures to nonaffiliated third parties.
- Maintain strict control over third parties that receive customer information to provide support services.
- Not disclose account numbers to nonaffiliated companies for marketing.
Under the Financial Modernization Act, regulators across the U.S. financial services industry work together to develop consistent regulations. These regulations allow each company latitude in defining its own privacy policy, as long as it provides a clear disclosure at account opening and in annual mailings, and complies with other requirements.
Other Privacy Regulations in the U.S.
Many other privacy laws and regulations apply to financial services companies. These include the Fair Credit Reporting Act, Regulation E, Model Insurance Privacy Laws and Regulations, and the Right to Financial Privacy Act of 1978. Financial services companies are also subject to other requirements, including Internet regulations (such as the Children's Online Privacy Protection Act), marketing regulations (such as the Telephone Consumer Protection Act), and medical and health care regulations (such as those under HIPAA). In fact, many U.S. financial services companies are leaders in developing appropriate privacy programs because they have conformed to tight regulations for many years.
Data Protection Outside the U.S.
The European Union (EU) Data Protection Directive signaled the need for consistent approaches to privacy across international borders given the increasingly global scope of business. While the directive seeks to establish a framework for data protection, the driving force was the need to "harmonize" privacy regulations so that sensitive customer data can flow freely throughout the EU with acceptable levels of control in all countries.
Japan, Australia, Canada, Hong Kong, Singapore, Argentina, and many other countries have also recently adopted new privacy laws and regulations.
Citigroup's Continued Vigilance
Keeping customer information secure and using it as our customers would want is a priority at Citigroup. There is no greater business asset than the trust of our customers - trust that is reinforced through our programs for privacy and information security.
Citigroup is committed to protecting our customers' privacy, through compliance with laws and regulations as well as through our own high standards. To this end, we continue to update our systems and technology and to train our staff in matters related to privacy. We constantly work to find ways to do this in a manner that also allows us to provide our customers with choices and options for products and services according to their unique needs.
As of July 2006