Taishin Financial Holding (台新金控)

Superior Service

Privacy Protection

Protection Policy of Personal Information

Taishin has a personal information protection policy in place to ensure legitimate collection and use of customers' and employees' personal data. This policy is constantly reviewed and revised in line with changes in regulation. In addition to conducting regular inspections on the security of personal information, Taishin also assesses possible personal information risks and uses the findings to establish proper management practices, responses, reporting channels and preventive measures for incidents such as theft, alteration, destruction, loss or leakage of personal information, thereby enforcing the organization's personal information protection system.

Taishin continues to execute training programs that are aimed at raising employees' awareness and respect towards personal information and promoting thorough understanding of relevant legal requirements, responsibilities, systems, procedures and measures the organization has in place for the protection of personal information.

Training for Protection of Personal Information in 2020

| Target | Courses | Coverage Rate (%) | Completion Rate (%) |
| --- | --- | --- | --- |
| New recruits (to complete training within six months after coming onboard) | Online course on personal information protection; classroom/online courses on information security; compliance and behavior guidelines | 100 | 100 |
| General employees | Personal information protection reminder publications; online course on information security and personal information protection (Note: The coverage rate equals the completion rate for this online course.); classroom course on personal information protection | 100 | 100 |
| Personal information management contacts of various units | Personal information infringement response drills | 100 | 100 |

Personal Information Protection Measures

With regard to the handling of personal information incidents and employees' crisis awareness, Taishin has implemented "Management Regulations on Personal Information Misuse Incidents" to facilitate effective emergency response should an incident arise. If a personal information incident occurs, employees are required to report immediately to the line manager and complete risk assessment and incident classification within the given timeframe. Depending on the severity of the incident, an emergency response team may be assembled to execute response, coordination, communication and investigation in relation to the incident. In 2020, Taishin received no penalty from the authority for violation of personal information.

Furthermore, out of respect for customers' personal information and their rights, Taishin has implemented "Operation Regulations on the Exercise of a Party's Rights" to facilitate proper handling of customers' rights to inquire about, review, make duplicate copies of, supplement, correct and delete their personal information maintained with Taishin, as well as their rights to stop Taishin from further gathering, processing and using their information.

The Handling of Each Level of Incident and the Reporting Level

  • Level 2 Incident

    Must be reported within 4 hours; the Emergency Response Team must be convened within 24 hours; the response plan must be established within 48 hours.

    Incident Description:
    • the incident involves more than 100 records of personal information that have been disclosed, or used without the Party's authorization, or improperly processed, used, or disclosed; or the collection of personal information without going through legal and proper channels;
    • the incident appears to have been caused by the Bank's improper control of its information technology system and operating procedures;
    • the incident was notified by law enforcement agencies or the central competent authorities and has been determined to be a major incident; involving highly sensitive information (e.g., public figures);
    • incidents reported by the media.

    The Level at which the Incident is Handled: Emergency Response Team
    The Level at which the Incident is Reported: President

  • Level 1 Incident

    Must be handled within 48 hours.

    Incident Description:
    • the incident involves fewer than 100 records of personal information that have been disclosed, or used without the Party's authorization, or improperly processed, used, or disclosed; or the collection of personal information without going through legal and proper channels;
    • the incident was notified by law enforcement agencies or the central competent authorities and has been determined to be a Level 1 incident.

    The Level at which the Incident is Handled: Personal Information Protection Implementation Department
    The Level at which the Incident is Reported: Said department's supervisor

Taishin places great emphasis on the protection of personal information. To enhance security management practices, Taishin Bank engaged certified public accountants to perform a special audit on personal information protection in 2020 for which the CPAs issued a statement claiming that the design and implementation of the internal control system for personal information protection are effective.

Information Security Measures for e-Commerce Services

Includes: User Identification and Authentication, Personal Information and Sensitive Data Masking, Network Encryption, Secure Software Development Life Cycle, Access Control and Monitoring Management, Intrusion Prevention System Management, and Security Information Event Management.

We monitor the percentage of users whose customer data is used for secondary purposes

  • Taishin has incorporated strict management approaches to monitor and protect 100% of customer personal data, covering its use for both primary and secondary purposes.
  • In 2020, we conducted marketing contacts for secondary purposes with 5.51 million customers, which accounted for approximately 80.3% of our total customers. The scope of use fully complies with the purposes agreed with customers (we only use customer data for the purposes that customers agreed to in the notification for the provided products and services, or under the "Consent to Clients Data Cross-referencing"; and all customers can submit a written "Declaration of not Accepting Marketing Information" to request that we stop using their data at any time).

Grievance Mechanism of Personal Information Protection

Taishin attaches great importance to the protection of personal information, and customers can raise questions or file complaints through different channels. If the results of an investigation confirm a violation of personal information, we will take disciplinary actions (e.g., downgrading of performance evaluation, withholding of bonuses, and internal penalties). We shall also propose specific system and process improvements to address the root cause of the complaint and avoid the recurrence of similar situations. The cases are compiled and submitted to the Fair Customer Treatment and Consumption Review Committee and the Board of Directors each quarter. The management department unit shall continue to monitor improvements to ensure implementation.
