Privacy Protection
Protection Policy of Personal Information
Taishin has a personal information protection policy in place to ensure legitimate collection and use of customers' and employees' personal data. This policy is constantly reviewed and revised in line with changes in regulation. In addition to conducting regular inspections on the security of personal information, Taishin also assesses possible personal information risks and uses the findings to establish proper management practices, responses, reporting channels and preventive measures for incidents such as theft, alteration, destruction, loss or leakage of personal information, thereby enforcing the organization's personal information protection system.
Taishin continues to execute training programs that are aimed at raising employees' awareness and respect towards personal information and promoting thorough understanding of relevant legal requirements, responsibilities, systems, procedures and measures the organization has in place for the protection of personal information.
Training for Protection of Personal Information in 2022
New recruits (to complete training within six months after coming onboard)
- Online course on personal information protection
- Compliance and behavior guidelines
100
100

General employees
- Personal information protection reminder publications
- Online course on information security and personal information protection
- Classroom course on personal information protection
100
100

Contact person for personal data (or delegate representative) for each division
- Personal data violations response drills
- Personal data inventory training
100
100

Contact person or emergency response team of personal data management for each division
- Publicity of personal data protection cases/symposium for legal compliance supervisors
- Publicity of laws and regulations and penalties
- Personal information infringement response drills
- Publicity of personal data protection cases/symposium for legal compliance
100
100
Personal Information Protection Measures
To improve the capacity to respond to personal data infringement incidents and the crisis awareness of all personnel, Taishin has formulated the "Personal Data Infringement Incident Management Standards" to effectively implement emergency response and handling. When a personal information infringement incident occurs, the supervisor must be notified immediately, the risk assessment and event classification must be completed within the time limit, and an emergency response team must be set up according to the impact of the event to carry out the response, coordination, communication and investigation of related events.
Also, in order to respect customers’ rights regarding their personal data, Taishin’s subsidiaries have formulated “Operating Rules for Exercising the Rights of the Parties” based on their own business requirements, specifying customers’ rights to inquire about, view, copy, supplement, correct and delete their personal data and to stop its collection, processing and use.
Taishin FHC takes personal information protection very seriously. In order to increase the level of security management, Taishin Bank engages certified public accountants to review the personal data protection project. Since 2022, the certified public accountants have been adopting the agreement procedure method to review the effectiveness of the design and execution of the internal control system of the Bank’s personal data protection, and have included it in the Bank’s Statement on Internal Control. No significant abnormalities were found in 2022. Also, Taishin Life commissioned SGS Taiwan Ltd. to perform verification on April 29, 2022, and was recommended as an organization that complies with the requirements of BS10012:2017 Personal Information Management System certification.
The Handling of Each Level of Incident and the Reporting Level
Level 1 Incident
Personal Information Protection Implementation Department
Must be handled within 2 days.
Supervisor of said department/Legal compliance unit

Level 2 Incident
- Shall complete the reporting within the deadline set by the Company's internal department.
- The emergency response team shall draw up a response plan within 2 working days.
- In accordance with the “Financial Supervisory Commission Designated Non-government Agencies’ Personal Data File Safety Maintenance Measures”, report to the Financial Supervisory Commission within 72 hours for any major personal data incidents.
- President
- Other parties to report to in accordance with internal regulations, including but not limited to Personal Data Protection Committee members, etc.

• Level 1 incident: Less than 100 cases of security incidents such as theft, tampering, damage, loss, leakage, etc. of personal data or incidents that meet the definition of other internal regulations.
• Level 2 incident: More than 100 cases (inclusive) of major incidents such as theft, tampering, damage, loss, leakage of personal data which endanger the Company’s normal operations.
Grievance Mechanism of Personal Information
Taishin attaches great importance to the protection of personal information, and customers can raise questions or file complaints through different channels. If the results of an investigation confirm a violation of personal information, we will take disciplinary actions (e.g., downgrading of performance evaluation, withholding of bonuses, and internal penalties). We shall also propose specific system and process improvements to address the root cause of the complaint and avoid the recurrence of similar situations. The cases are compiled and submitted to the Fair Customer Treatment and Consumption Review Committee and the Board of Directors each quarter. The management department unit shall continue to monitor improvements to ensure implementation.