Managing &
Protecting Data

In 2019–20, Suncorp developed a set of Data Ethics Principles which reflect the Australian Government’s AI Ethics Principles. The Principles support Suncorp’s Enterprise Risk Management Framework, Privacy Policy and Code of Conduct to protect the rights of our stakeholders when we collect, use and retain their data. A Data Ethics Advisory Committee has been formed to integrate the Principles into our business practices.

Suncorp's Data Ethics Principles are:

As the digital environment evolves, Suncorp continues to evolve its capabilities in protecting our customers from the threat of cyber and financial crime. Our dedicated Financial Crime and Anti-Money Laundering / Counter-Terrorism Financing systems leverage world-class detection and prevention technologies.

In 2019-20 we invested in advanced data analytics and fraud detection technology to ensure we can intervene early and disrupt criminal activity, before it impacts our customers. We also enhanced our policies and practices, including the development of an Anti-Bribery & Corruption Policy for employees and further alignment of our investigation practices with updated industry Codes of Practice.

Suncorp supports law enforcement and intelligence agencies to help address cyber crimes. We run ongoing employee and customer education programs on cyber security risks and work with community groups to support customers impacted by financial crimes and scams. This year we collaborated with Queensland University of Technology in industry-leading scam research, which we’ve extended to industry working groups.

We also invested in scam-intervention techniques to reduce the impact on our customers, including enhanced support for victims of identity theft.

Suncorp’s Privacy Policy sets out how we collect, use, disclose, store and secure personal information. Our people complete mandatory privacy training annually to help embed a strong risk culture and promote privacy awareness. In February 2018 the Notifiable Data Breaches scheme commenced, which mandates organisations to notify affected individuals of a data breach that is likely to result in serious harm. Suncorp has reviewed its processes and procedures to ensure compliance with this scheme.