Global Citizenship Report 2017

Privacy

The fair, ethical and lawful collection, use and processing of customers’ personal information is essential to build trust, provide best-in-class services and achieve our corporate objectives. To help meet this goal, Citi has established a dedicated Chief Privacy Office team led by a Chief Privacy Officer. The Chief Privacy Office team leads the Citi Global Privacy Program, which is overseen by the Citi Global Privacy Committee. The program provides a framework for effectively and efficiently overseeing and coordinating the management of privacy and confidentiality risks.

Our Privacy and Confidentiality Policy articulates principles for the collection, use, sharing and disposal of personally identifiable information (PII) and customer data in accordance with its disclosures and applicable laws and regulations. Our policies prohibit the collection of PII that is not necessary for the performance of the services offered or for the purposes disclosed in our privacy notice. Citi provides transparency on our practices and offers customers choices with respect to how their personal information may be shared. We also ensure that customers participate in the management of their PII where legally required, such as confirming their preferred method of communication, reviewing and correcting information and opting out of marketing solicitations.

Citi employees take required privacy and information compliance training, which covers privacy concepts; the importance of transparency in the collection, use and sharing of personal information; requirements related to PII collection, information protection and compliance with restrictions on data transfers; and expectations for enabling and honoring customer choices. More than 200,000 employees completed this training in 2017.

In Europe, the General Data Protection Regulation (GDPR) goes into effect in May 2018. This regulation is significant not only for its scope and ambition but also for the weighty penalties for noncompliance. The GDPR places greater emphasis on individual rights than previous requirements and will have a broader impact, affecting any entity established in or proactively offering goods and services within the European Economic Area. Citi is committed to complying with the GDPR and is working to ensure that we are well prepared for any required notifications.

For information about what we expect of our employees regarding the handling of personal, proprietary and confidential information (including customer information), see our Code of Conduct.

WHAT’S AHEAD

As more devices are able to transact payments, banking infrastructure, rules and policies will have to change in response. Banks will have to make sure that they have the processing capabilities to keep up with the demand for payments increasing from billions to trillions per year. Security and authentication will also need to happen in real time and on an even more massive scale than today. We will approach solutions to these issues with our clients’ needs in focus, and design the products and services that make their financial lives easier and more manageable.