In order to fully protect the personal information and privacy of our customers and investors, Yuanta Financial Holdings set in place the “Yuanta Financial Holdings and Subsidiaries Customer Information Protection Measures” in 2002, and the “Customer Right to Privacy Protection Statement” in 2012, and enforces their compliance on a Group-wide basis.
Yuanta Financial Holdings and its subsidiaries undertake a “Legal Guidance and Training Course on Personal Information Protection” at least once every year, and test employees to ensure that they fully understand the importance of protecting personal information, and the procedures for doing so.
Information collection is undertaken through legal and public channels, and customer information is protected by the Company and its related parties with the highest degree of security in the storage facilities of an entrusted data storage company. Access to this information is strictly regulated by the Company’s management measures on information authorization. Information security and protection measures adopted by the Company include internal IP controls, a virtual local area network (VLAN) system, and an advanced firewall system to prevent unauthorized individuals from gaining access. Through a comprehensive personal information protection system and employee codes of practice, as well as the setting of an internal control system, the Audit Department can conduct audits at any time to guarantee the Company’s compliance status.
Yuanta Securities’ account opening procedures are done in accordance with the duty of disclosure laid out in Article 8, paragraph 1 of the “Personal Information Protection Act”, ensuring that our customers fully understand that trading via the Company’s electronic platform and the accessing of personal information can only be done after the customer has completed the setting of a personal password.
In business cases classified as confidential, in addition to entering a non-disclosure agreement with clients, or delineating confidentiality terms within the contract agreement, dedicated folders are established on the Company’s internal computer network, with access limited to the team handling the case. Additionally, in adherence with the “Personal Information Protection Act”, all communications sent from Company employees to customers which contain personal information are password protected. Furthermore, all emails sent from Company computers to external email addresses must pass through an external letter review process; in the event that the email content is flagged according to the conditions set out in the review policy, the email will require a manager’s approval to send.
In order to demonstrate our determination to protect customers’ personal information, in March of 2009 Yuanta passed “BS 10012: 2009 Personal Information Management System” and received official certification from the British Standards Institution (BSI).
Furthermore, on February 1, 2016, following the decision from Company headquarters to implement a policy for Company email on mobile devices, Yuanta set the “IT Facilities Management and Usage Measures”, in which it clearly set out guidelines for the sending and receiving of information through the Company’s email system, including a prohibition against transferring any confidential materials to external emails, or saving any such information to external devices or cloud storage spaces.
Protecting customers’ information and privacy, and building a long-term relationship on a foundation of trust, has long been one of Yuanta Bank’s guiding principles. In order to increase our competitiveness in financial services, Yuanta Bank established management systems for information security and personal information security, and received certification for “ISO 27001 Information Security Management” and “BSI10012 Personal Information Management” in January and July of 2012 respectively, effectively strengthening its information security management abilities.
To ensure the effective implementation of the information security system, Yuanta Bank holds periodic training courses to raise employees’ information security knowledge and awareness. Additionally, to strengthen controls on information access, the Bank has adopted protective mechanisms and monitoring software to guarantee that information is not improperly accessed, and to protect the security of our customers’ personal information. In terms of business continuity management (BCM), the Bank has implemented responsive measures to provide the very best service to our customers.
Yuanta Life has established a “Personal Information Protection Group” and laid out the “Personal Information Protection Group Implementation and Operational Rules” in order to provide personal information operational management and oversight, periodically review internal and external changes to personal information related rules and regulations, and ensure that all personal information entrusted to Yuanta Life is strictly and effectively protected. In April, 2017, Yuanta Life received certification for "ISO 27001:2013 Information Security Management", thereby strengthening its personal information protection abilities.