Respecting the Choices made by People for their Data and Privacy

At Infosys, we constantly endeavor to protect personal information. We strive to become a trusted partner for businesses, enabling them to ensure data privacy compliance in their transformation journey, while maximizing the value we create for them.

Ensuring continuous compliance

Over the last few decades, data privacy has steadily emerged as an extremely important dimension of human rights. Several nations are strengthening or enacting data privacy regulations to make organizations accountable for respecting choices made by people about their data, and for protecting their privacy. We process personal data, ensuring privacy aspects are incorporated at design stage, that is, privacy by design. Continuous emphasis on training and skill development for our employees helps us incorporate best practices and build credibility. Keeping in view the large-scale personal data processing involved, we make use of tools and technologies to institutionalize data privacy practices and controls in multiple areas. We complied with all applicable data privacy regulations in fiscal 2020. The growing awareness and education on data privacy among stakeholders have contributed to a more robust process.

Key focus areas of Infosys' Data Privacy practices

Personal data inventory management

Personal data inventory management

Administration of privacy notices and consents

Administration of privacy notices and consents

Data subject’s access and request management

Data subject’s access and request management

Data de-identification

Data de-identification

Data security

Data security

Layered monitoring in data loss prevention tools

Layered monitoring in data loss prevention tools

Adopting internationally accepted protocols

We make every effort to protect the personal information that comes under our purview. Our data privacy compliance framework is the convergence of international best practices, client-prescribed requirements and applicable data privacy regulations across geographies. Infosys is among the first few organizations globally, to have its framework certified with accreditation, for the recently released ISO 27701privacy information management standard. In fiscal 2020, there were forty incidents involving customer data and none of them had any substantial material impact.

Driving thought leadership in data privacy

We make every effort to protect the personal information that comes under our purview. Our data privacy compliance framework is the convergence of international best practices, client-prescribed requirements and applicable data privacy regulations across geographies. Infosys is among the first few organizations globally, to have its framework certified with accreditation, for the recently released ISO 27701privacy information management standard. In fiscal 2020, there were forty incidents involving customer data and none of them had any substantial material impact.

‘In 2018, consulting firm KPMG performed a Privacy Maturity Benchmarking Exercise on Infosys’ data privacy practices, using its privacy framework and found the Company to perform better than or equal to global standards in eight out of the 12 domains of the framework.’

Achievements

ISO 27701 certified Infosys was among the first few companies globally to have its data privacy framework certified to this standard.

Member of core group for EU-India dialogue we are a part of the core group to discuss the EU-India dialogue on cross-border data transfer.

DSCI Privacy Framework We are involved in the development of the DSCI Privacy Framework in India.

Member of IAPP We are a member of the Privacy Engineering Advisory Board of the International Association of Privacy Professionals (IAPP) influencing the privacy engineering agenda.