2013 Annual Report

EMPREGO 176 Annual Report 2013 CUSTOMER PRIVACY Materiality and Responsibility The Client Privacy item, under the responsibility of the Facility Management Executive Vice-President's Office, is important to Santander Brazil due to the fact it involves risks in relation to legal and regulatory aspects and business relationship and financial loss. All the activities performed by the Bank's employees, interns and other associates should comply with the legislation in force and the standards of regulatory bodies and entities in relation to information security. Impacts - The efficient management of this item provides increased security to clients, whose personal info is preserved, and the Bank, which protects itself against failure to comply with regulations, while safeguarding the business relationship and prevents financial loss and harm to the corporate image. In order to assess the level of security of suppliers or companies which use the Bank's information to service their own clients, the Bank assesses its partners regarded as high-impact by means of on-site visits and monitoring tests conducted at the time of registration. The risks detected are shared with the managers of the contracting areas and managed together with the companies. Corrective measures in relation to critical are implemented in the short term. Furthermore, the Bank implements mechanisms for the protection of client data in agreements entered into with third parties and client service channels. Indicators Consolidation Total number of substantiated complaints regarding breaches of customer privacy and losses of customer data G4-PR8 SAC (Client Support Service) registered 162 complaints in relation to security, banking secrecy and negative credit listing in 2013. Nevertheless, there was no incident involving loss of data. Nine complaints were filed with the Central Bank, none of which, however, involved a breach of banking secrecy. No fines were assessed in relation to the breach of client privacy in 2013. Policies, Commitments and Assessment Mechanisms The Information Security Policy is based on directives drawn up by the Information Security department, in charge of defining the policies and standards which provide support for everyone in the protection of information assets and in dealing with problems associated with the topic. All information belonging to the Bank should be protected against risk and threats which might compromise its confidentiality, integrity or availability. At the inception of their employment with the Bank staff members are introduced to security topics (clause available in employment agreements and the Code of Ethics) and attend mandatory courses on the subject. They are also advised to read the Privacy Policy, which contains the basic principles in relation to the receipt, storage and use of personal information submitted by clients and visitors. Employees are also responsible for using their passwords and authorization for accessing systems, in addition to actions arising from the use of these powers. INFORMATION SECURITY GUIDELINES The issue of information security demands continuous efforts for the protection of information assets, thereby helping the Bank fulfill its mission. The issue is addressed in accordance with the following objectives: Confidentiality: to ensure the information processed remains confidential and known by specifically authorized people; Integrity: to ensure the information is maintained complete and undergoes no undue changes (accidental or intentional); Availability: to ensure the information is made available to all persons authorized to process it. 177

View entire presentation