Governance

Material Topic: Data Privacy and Security GRI 103: Management Approach 2016
Disclosure	Description
Disclosure	Reference or Response
103-1	Explanation of the material topic and its Boundary
103-1	ESG Report page 30 ESG Reporting Details page 3 Maintaining the trust of our customers, while protecting their privacy and the Bank’s systems, and keeping information secure, is a fundamental priority for TD. In a digital era complicated by a global pandemic and the remote work environment, data security and privacy threats are evolving at a rapid pace. We believe everyone at TD has an obligation to help keep data secure and private. We regularly offer training to our colleagues to help them stay vigilant and aware of cybersecurity and privacy best practices. TD has not experienced any material¹ financial losses relating to technology failure, cyber attacks or security or privacy breaches. ¹ As such term is used for securities law purposes.
103-2	The management approach and its components
103-2	ESG Report page 30 Information Security and Risk Management Policies Privacy Commitment (Policies and procedures about the collection, use and disclosure of customer information) Online Communication Policy Privacy Policy Accountability: Chief Risk Officer, VP & Global Chief Privacy Officer, Chief Information Security Officer, Enterprise Risk Management Committee Ways we measure our approach: Continuity of service and systems, incident tracking and risk assessments, threat monitoring, insurance coverage against risk of cyber-related events, employee training, investment in technology.
103-3	Evaluation of the management approach
103-3	ESG Report page 30
GRI 418: Customer Privacy 2016
418-1	Substantiated complaints concerning breaches of customer privacy and losses of customer data
418-1	ESG Report page 30