Privacy in the Digital Age

Miyo Yamashita – Global Chief Privacy Officer, TD Bank Group

November 27, 2014

2

TD overview

Privacy governance @ TD

Case studies: digital privacy @ TD

Privacy impact assessments in a digital age

Closing thoughts

Q & A

Agenda

TD overview

3

Three key businesses:1. Canadian Retail2. U.S. Retail3. Wholesale

Banking

TD also ranks among the world's leading

online financial services firms, with

~ 8.8 million active online &

mobile customers

More than

85,000 employees

globally

Approximately

22 million customers

worldwide

TD is the

sixth largest bank in North

America by branches

The Toronto-Dominion Bank and its subsidiaries are collectively known as TD Bank Group (TD)

TD had

$921.7 billion in assets

on July 31, 2014

Approximately

1,100 branches

in Canada

Approximately

1,300 branches

in US

4

Privacy governance @ TD

Global Privacy Office

Chief Compliance Officer

Global Chief Privacy Officer and VP Social Media Compliance

Compliance Stakeholders

Privacy Designates

Canadian Privacy Office

U.S. Privacy Office

Compliance Stakeholders

Privacy Designates

Compliance Stakeholders

Europe Asia-Pacific Privacy

Office

Privacy Designates

5

What do we mean by the digital age?

http://www.youtube.com/watch?v=zxpa4dNVd3c

6

"…success in the digital future will depend upon how well [companies] use data to build relationships dependent on two primary variables: the degree of engagement, and the degree of consumer control over their personal information"

- "The Four Futures", Aimia Inc

Source: http://www.aimia.com/content/dam/aimiawebsite/CaseStudiesWhitepapersResearch/english/Aimia_Whitepaper_FourFutures_DigitalLoyaltySurvey.pdf

7

How far would UGO to organize your wallet?

UGO Wallet aims to combine mobile payments and loyalty

There’s a new mobile payment service in Canada, and it’s the first to combine touchless payments and loyalty in a single app.

Dubbed UGO Wallet, the service is a partnership between TD Canada Trust and PC Financial, whose credit cards are the first two participants in this so-called “open wallet.”

Similar to other mobile payment offerings on the market, UGO Wallet requires a particular Android or BlackBerry device — there are 15 at launch altogether — and an NFC SIM card, which is used to safely store payment credentials in its secure element.

The service works with Rogers, Bell and TELUS. Users can also add PC Plus loyalty cards, which can be used at Loblaws stores to earn and redeem points. The process to add these cards is pretty seamless, and I was up and running on my Samsung Galaxy S5 in just a few minutes.

November 24, 2014

Source: http://mobilesyrup.com/2014/11/24/ugo-wallet-aims-to-combine-mobile-payments-and-loyalty/

8

Case study: UGO Mobile Wallet

• On Nov. 6, 2013, TD (in partnership with PC Financial) announced the launch of UGO™, Canada's first open mobile wallet to combine multiple payment and loyalty programs in one convenient and secure mobile solution

• UGO will provide Canadians with a more convenient, value-add way to shop and transact with their favourite retailers by allowing users to replace cards from their physical wallet with a simple and secure mobile payment method that automatically links to loyalty programs

• With UGO, consumers will be able to pay, earn and redeem loyalty points in a single tap using their smartphones

• This innovative solution offers functionality that could ultimately replace the need to carry a physical wallet

Project Background

GLOBAL CANADA

Financial Institutions 82% 92%

Supermarkets 64% 53%

Mobile Phone Providers 56% 47%

Places of Work 50% 57%

Utility Companies 36% 45%

Online Retailers 35% 25%

Loyalty Programs 34% 33%

Government agencies 33% 43%

Social Networks 5% 2%

Consumer Confidence LevelsWhich of the following categories do you feel most comfortable about handling your personal data?* • Although it is a separate company, UGO "changes the game" –

TD is now officially in the mobile wallet/loyalty space

• UGO required TD to:

• Create a separate privacy policy

• Address a number of data sharing considerations

* Source: Aimia Study on Personal Data

Privacy Challenges/Take-aways

9

How TD used to say thank you…

10

Case study: #TDThanksYou

• In July 2014, TD launched a social media-based campaign called #TDThanksYou, which turned ATMs into "automated thanking machines"

• The video has received more than 17 million views on Youtube to date

Project Background

• While the public reaction to the recent #TDThanksYou campaign was overwhelmingly positive, the following comments were posted on Youtube:

Privacy Challenges/Take-aways

"Pretty freaky how much your bank knows about you but this is really cool"*

"… it's definitely either preplanned or very big brotherish"*

"I did get a little lump in my throat watching that. However, I can't help feeling a little creeped out how much they knew about those people to be prepared for them to show up"*

"This is lovely but kind of REALLY creepy when you think about it. Were they stalking them?"*

http://www.youtube.com/watch?v=bUkN7g_bEAI

*Source: Youtube

11

Case study: #MakeTodayMatter

http://www.youtube.com/watch?v=dP7OgLCc4vo

• On November 25, 2014, TD launched a social media-based campaign called #MakeTodayMatter, which captures TD helping people make a difference in their community by bringing to life their wonderful ideas and empowering their good deeds – all in a 24 hour period.

Project Background

12

Case study: TD Beta app pilot

• TD recently launched an 8-week pilot of a beta app which tests "local social"• The TD Beta App syncs to select "geo-zones" which allows TD to provide customized local branch

information on a customer's mobile device via the TD mobile app• Types of customized content include:

• Informational videos tailored to the demographics of the area• Live social media feeds from local branches• Information on upcoming local seminars• Services offered and languages spoken at the local branch• Directions to the branch

Project Background

• The TD Beta App pilot presented unique privacy challenges including:

• Inherent sensitivities of geo-location

• Transparency in data collection & usage

• Obtaining meaningful "just in time" consent from users

• Providing customers with privacy options and respecting customer preferences

Privacy Challenges/Take-aways

13

• TD has recently modernized its privacy impact assessment process and associated tool to adapt to changes in the privacy landscape including cookies/tagging, geo-location and data mining

• The newly modernized process: Facilitates communication between the business and the Privacy Office Identifies and evaluates privacy-related risks to TD businesses Provides required controls to mitigate privacy risk Helps to identify ways to safeguard customer and employee personal information Helps TD comply with its obligations under its respective privacy laws Enhances TD's ability to protect its brand

Assess Inherent Risk

Identify Controls Assess ControlsMonitor, Test &

Report

Privacy impact assessments in an evolving digital age

14

• Give customers sharing options & respect consumer privacy preferences

• Partner with the business to understand and enable their goals in a privacy-respectful manner

• Be transparent in data collection and usage practices

• Ensure all data collection and usage ultimately benefits the customer

• Develop tools to effectively assess the current and emerging privacy risks associated with the digital age

Closing thoughts