This website uses cookies to improve your browsing experience. By continuing to use this website you agree to our use of cookies. For more information on our use of cookies, click here to review the Cookies Policy.。
CONFIDENTIALITY OF FINAN-CIAL HOLDING COMPANIES' DATABASES
Carol Wu
In an order dated 13 September 2004, the Fi-nancial Supervisory Commission ordered that when a financial holding company requires its subsidiaries to report their business data and customer data to the financial holding company, and uses these data to establish databases in or-der to report group operating data to the regula-tory authorities in accordance with legal re-quirements, or to meet its needs for the man-agement of its invested companies, it has a duty to maintain the confidentiality of such data. The main points are as follows:
A financial holding company must maintain the confidentiality of data such as business data and customer data supplied to it by a subsidiary. With regard to the use of cus-tomers' individual data, transaction data, and other related data, it must establish written confidentiality measures, and disclose the major content of such measures by public announcement via the Internet or other means, in accordance with Article 42 of the Financial Holding Company Act (FHCA).
The financial holding company must enter into a confidentiality agreement with its sub-sidiary.
The financial holding company must procure a confidentiality undertaking from each em-ployee authorized to use such a database.
The financial holding company must ensure security of data transmission, and must estab-lish appropriate written management policies for the management of databases and other matters.
If analytical results or reports generated by the use of a database by a financial holding com-pany include a customer's individual data, transaction data or other related data, such data should only be used by the financial holding company and by the subsidiary that originally supplied the data, and should not be revealed to other subsidiaries or to third par-ties, or used to the detriment of the customer's interests.
If the use of such databases involves joint marketing activities or information sharing, these should be carried out in accordance with Articles 43 and 48 of the FHCA, and related orders of the regulatory authority.
