Protecting Customer Privacy & Security

Our customers trust us to safeguard the privacy of their personal and financial information. That's a responsibility that tops our list of priorities.

Managing Customer Privacy

We recognize that privacy and confidentiality form the cornerstone of customer trust. That’s why we continuously invest in the growth and development of our corporate privacy strategy, enhancing our policies and procedures and investing in new tools and technologies that support our customer privacy.

PNC's Privacy Office, within Enterprise Compliance, oversees compliance with privacy standards and regulations. As a member of various risk and business committees, the office has the authority to approve or reject business activities that may pose a privacy risk to customers.

In conjunction with Legal and Regulatory Change, the Privacy Office keeps abreast of new and/or changing privacy laws and regulations at the federal and state level, as well as in jurisdictions outside of the U.S. where PNC may be impacted. After determining new legal and regulatory requirements, the Privacy Office works with lines of business and compliance areas to provide guidance on compliance.

Our Enterprise Privacy Policy is reviewed by our board of directors and updated as needed due to changing privacy requirements. 

All PNC employees and contractors are required to take privacy training. The curriculum provides employees and contractors with the knowledge and skills to recognize privacy concerns and understand what constitutes personal information, the laws that apply to that information, the appropriate access, uses and disclosure of that information, and how to appropriately safeguard it. Additionally, other specific privacy trainings are required for individuals responsible for managing or processing Protected Health Information (PHI) or the personal information of international customers. 

We track the effectiveness of our privacy program and training through regular self-evaluation and feedback from customers and external parties, monitoring changing regulations, and challenging business activities. Monitoring programs are regularly enhanced and updated with new capabilities, such as machine learning, to increase the reliability and accuracy of privacy-related data. The ongoing monitoring of this data allows the Privacy Office to review trends and risks, identify areas for improvement, and, where necessary, implement remediation. 

Protecting our customers’ personal and financial information and minimizing losses is our priority. Depending on the incident, actions may include adding alerts to customer accounts, closing accounts, opening a new account and offering credit monitoring at no cost to the customer. When warranted, we also notify regulatory agencies and engage law enforcement.

As part of building trust with our customers and external stakeholders, PNC’s Security & Privacy Center offers our stakeholders a one-stop shop for clear and concise information on how PNC’s products secure customer information while protecting individual privacy. Our Personal Data Rights program gives customers control over their personal information and data, including the ability to delete their data from PNC’s servers upon request, based on the data in question and their state of residency. This program is designed to ensure compliance with requirements in privacy laws such as the CCPA, which gives customers the power to control the use of their data. 

For more information on how we protect our customers’ data, read our Privacy Notice, which is provided to new consumers, to existing customers on an annual basis, and as otherwise required by law.

Our Approach to Corporate Responsibility

We’re committed to doing the right thing for our shareholders, customers, communities and employees.




Prioritizing Customer Security

Our customers’ security is paramount. Guided and reviewed by PNC’s risk committees and the board of directors, our security program is designed to help PNC identify, prevent, respond to and recover from cyber threats. Several of our risk committees are dedicated to protecting customer security, including the Business Continuity Committee (BCC), Technology Standards Sub-Committee (TSSC), Technology Risk and Business Committee (TRBC), Independent Technology Risk Management Committee (ITRMC) and the Technology Committee of the Board of Directors.

Our Security Practices

PNC requires all employees to participate in mandatory information security trainings and phishing exercises. Employees are also required to partake in an additional ten security trainings that covered topics such as Maintaining Privacy and Security, Cybersecurity, Anti Phishing, Information Security, Red Flags and more. 

Security at PNC

Learn more about our security program.