Taishin FHC Corporate Social Responsibility Report 2019

Superior Service
2-2 Privacy Protection

Protection Policy of Personal Information

Taishin has a personal information protection policy in place to ensure legitimate collection and use of customers' and employees' personal data. This policy is constantly reviewed and revised in line with changes in regulation. In addition to conducting regular inspections on the security of personal information, Taishin also assesses possible personal information risks and uses the findings to establish proper management practices, responses, reporting channels and preventions for incidents such as theft, alteration, destruction, loss or leakage of personal information, and thereby enforce the personal information protection system of the organization.

Personal Information Protection Measures

Taishin continues to execute training programs that are aimed at raising employees' awareness and respect towards personal information and promoting thorough understanding of relevant legal requirements, responsibilities, systems, procedures and measures the organization has in place for the protection of personal information.

With regard to the handling of personal information incidents and employees' crisis awareness, Taishin has implemented "Management Regulations on Personal Information Misuse Incidents" to facilitate effective emergency response should an incident arise. If a personal information incident occurs, employees are required to report immediately to the line manager and complete risk assessment and incident classification within the given timeframe. Depending on the severity of the incident, an emergency response team may be assembled to execute response, coordination, communication and investigation in relation to the incident. In 2019, Taishin received no penalty from the authority for violation of personal information.

Furthermore, out of respect for customers' personal information and their rights, Taishin has implemented "Operation Regulations on the Exercise of a Party's Rights" to facilitate proper handling of customers' rights to inquire, review, make duplicate copies of, supplement, correct and delete their personal information maintained with Taishin, as well as their rights to stop Taishin from further gathering, processing and use of information.

Training for Protection of Personal Information in 2019

Subjects: New recruits (to complete training within six months after coming onboard). Coverage Rate (%): 100. Completion Rate (%): 100.
Subjects: Personal information management contacts of various units. Coverage Rate (%): 100. Completion Rate (%): 100.
Subjects: General employees. Coverage Rate (%): 100. Completion Rate (%): 100.

Courses:
● Online course on personal information protection
● Classroom/online courses on information security
● Compliance and behavior guidelines
● Personal information protection reminder publications
● Online course on information security and personal information protection (Note: The coverage rate equals the completion rate for this online course.)
● Classroom course on personal information protection
● Personal information infringement response drills

[Figure: Reporting and Resolution of Personal Information Infringement. Labels in the figure: Report at the first instance; Responsible Unit; Contact windows of various departments; Managers of the accountable unit; Reporting and resolution of personal information infringement (Risk Management Division) (Audit Division, Board of Directors) (Compliance Division); CP-R-09_ Management Regulations on Personal Information Infringement Incidents; Operational Risk Loss Reporting Procedure; Handling Guidelines for Major Extraordinary Events; Information Technology Services Division and Information Security Department; Risk Management Division; Audit Division; Personal Information Protection Promotion Implementation Team; Corporate Planning Division, Corporate Communications Team (If the media is involved)]
