Managing Data Privacy and Security

The Suncorp Group Privacy Policy details how we collect, use, disclose, store and secure personal information. We prioritise staff training on secure information handling practices and our people complete mandatory privacy training annually.

Suncorp supports reforms to strengthen online privacy protections by enhancing choice and control for our customers. 

In FY21, Suncorp made two reports and Suncorp partners made three reports to the Office of the Australian Information Commission (OAIC) under the Notifiable Data Breaches Scheme. Each data breach is treated seriously, and we continue to invest in training and technology to prevent any future data breaches.

Data is a strategic asset for Suncorp and a critical enabler of our strategy. The Suncorp Data Governance framework defines the key principles, capabilities and processes for governing critical data.

The Group Data Council governs data ownership and accountability across Suncorp and acts as an escalation point for data-related decisions. 

Suncorp’s Data Ethics Principles guide the ethical use of data and automated decisioning by considering human, social and environmental impacts. The Principles support Suncorp’s Enterprise Risk Management Framework, Privacy Policy and Code of Conduct to protect the rights of our stakeholders when we collect, use and retain their data.

The Data Ethics Advisory Committee provides advice and recommendations regarding the ethical use of data in our business practices. 

As the digital environment evolves, Suncorp continues to strengthen its protection capabilities from the threat of cyber and financial crime for our customers. We leverage world-class detection and prevention technologies in our dedicated Financial Crime and Anti-Money Laundering / Counter-Terrorism Financing systems.

Suncorp has invested in advanced data analytics and fraud detection technology to ensure we can intervene early and disrupt criminal activity before it impacts our customers. We also have policies and practices in place such as the Anti-Bribery & Corruption Policy for employees and investigation practices aligned to industry codes of practice.

Suncorp continues to support law enforcement and intelligence agencies in order to help address cybercrimes. We run ongoing employee and customer education programs on cyber security risks and work with community groups to support customers impacted by financial crimes and scams. Suncorp has invested in scam-intervention techniques to reduce the impact on our customers, including enhanced support for victims of identity theft. 

Suncorp’s Privacy Policy sets out how we collect, use, disclose, store and secure personal information. Our people complete mandatory privacy training annually to help embed a strong risk culture and promote privacy awareness. In February 2018 the Notifiable Data Breaches scheme commenced, which mandates organisations to notify affected individuals of a data breach that is likely to result in serious harm. Suncorp has reviewed its processes and procedures to ensure compliance with this scheme.