Privacy Protection
Privacy Protection Policy and Management Mechanism
To maintain the security of personal information, Taishin has formulated regulations on the protection and management of personal information. Taishin has reviewed the appropriateness of these regulations in accordance with the law to ensure the legal collection and use of personal information of customers and employees. In addition to regularly checking the current status of personal data security maintenance and evaluating possible risks to personal data, Taishin also establishes appropriate management mechanisms based on the results of the risk assessment, and formulates contingency, notification, and prevention mechanisms to implement personal data protection and management measures for security incidents such as theft, alteration, damage, loss, or leakage of personal data.
Privacy Protection Measures
To enhance the ability to respond to personal data infringement incidents and raise the risk awareness of all employees, Taishin has formulated the "Personal Data Infringement Incident Management Standards" to effectively implement emergency response and handling. When a personal data infringement incident occurs, the supervisor shall be notified immediately, and the risk assessment and classification of the incident must be completed within the time limit. Depending on the extent of the impact of the incident, an emergency response team shall be set up for the response, coordination, liaison, and investigation of the incident. Taishin adopts the principle of zero tolerance for personal privacy infringement.
Also, in order to respect customers’ rights to their personal data, Taishin’s subsidiaries have formulated “Operating Rules for Exercising the Rights of the Parties” based on their own business requirements. These rules specify customers’ rights to inquire about, view, copy, supplement, correct, and delete their personal data, as well as the right to stop its collection, processing and use.
Personal Information Infringement reporting procedure (Taishin Bank example)

The handling of each level of incident and the reporting level
- Level 1 (Note 1)
  - Personal Information Protection Implementation Department
  - Must be handled within 2 days.
  - Supervisor of said department/Legal compliance unit
- Level 2 (Note 2)
  - Emergency Response Team
  - Shall complete the reporting within the deadline set by the Company's internal department. The emergency response team shall draw up a response plan within 2 working days. In accordance with the “Financial Supervisory Commission Designated Non-Government Agencies’ Personal Data File Safety Maintenance Measures”, report to the Financial Supervisory Commission within 72 hours for any major personal data incidents.
  - President; other parties to report to in accordance with internal regulations, including but not limited to Personal Data Protection Committee members, etc.
Note 1: Level 1 incident: Fewer than 100 cases of security incidents such as theft, tampering, damage, loss, leakage, etc. of personal data, or incidents that meet the definition of other internal regulations.
Note 2: Level 2 incident: More than 100 cases (inclusive) of major incidents such as theft, tampering, damage, loss, or leakage of personal data which endanger the Company’s normal operations.
To strengthen awareness of personal protection and establish a corporate culture of respect for personal information, Taishin continues to promote education and training on personal information protection so that employees understand the requirements of relevant laws and regulations. Furthermore, the training allows employees to fully understand the scope of responsibilities, mechanisms, procedures, and measures for personal information protection.
Training for Protection of Personal Information in 2023
- New recruits (to complete training within six months after coming onboard)
  - Online course on personal information protection; Compliance and behavior guidelines
  - 100
  - 100
- General employees
  - Personal data protection special issue; Online course on personal information protection; Classroom course on personal information protection
  - 100
  - 100
- Contact person for personal data (or delegate representative) for each division
  - Personal data violations response drills; Personal data inventory training
  - 100
  - 100
- Contact person or emergency response team of personal data management for each division
  - Publicity of personal data protection cases/symposium for legal compliance supervisors; Publicity of laws and regulations and penalties; Personal information infringement response drills
  - 100
  - 100
Internal/External audit defects
Taishin FHC attaches great importance to the security of personal information protection. In 2023, Taishin Bank commissioned an accountant to conduct an audit of the implementation of personal data protection in accordance with the agreed procedures, and no major irregularities were found after the implementation of the agreed procedures.
To establish a comprehensive personal information management system, Taishin Life appointed SGS Taiwan on April 29, 2022 to perform the certification and was recommended by SGS Taiwan as an organization that meets the requirements of BS10012:2017 Personal Information Management System (PIMS). In 2023, we continued to pass the PIMS certification.
Grievance Mechanism of Personal Information
Taishin attaches great importance to the protection of personal information, and customers can raise questions or file complaints through different channels. If the results of an investigation confirm a violation of personal information, we will take disciplinary actions (e.g., downgrading of performance evaluation, withholding of bonuses, and internal penalties). We shall also propose specific system and process improvements to address the root cause of the complaint and avoid the recurrence of similar situations. The cases are compiled and submitted to the Fair Customer Treatment and Consumption Review Committee and the Board of Directors each quarter. The management department unit shall continue to monitor improvements to ensure implementation.