These Directions are adopted to protect personal data and prevent improper use of customer data by employees of securities firms.
Employees of the securities firm shall comply with the firm's regulations and restrictions on customer data in respect of customer data they learn by reason of their duties.
The securities firm shall appoint designated personnel to maintain the security of files of customer data that it preserves, according to relevant laws and regulations, to prevent theft or leakage of customer data.
Where a securities firm files, transmits and prints customer data, detailed records of the names and positions of the operators shall be kept and managed by designated personnel.
Any change, deletion and usage of the above filed data shall also be recorded.
A system of identification codes and access codes shall be established for the output and input of the securities firm's customer data; data access control shall be additionally put in place for important personal data.
The identification codes and access codes under the paragraph above shall be updated regularly as necessary.
The securities firm shall establish an audit system for customer data files, and the auditors shall audit the management of customer data files on a periodic or aperiodic basis.
The securities firm shall establish a perusal request system for customer data regarding account opening, credit checking, trading, and safekeeping, to ensure that no one may request to peruse, photocopy or print such data except pursuant to laws and regulations or as authorized and approved; no one's seal or signature card of customers may be photocopied or printed except as required for audits by auditors.
Applicants for perusal of customer data shall fill in a customer data request form. Detailed records of the request date, purpose and applicant's name and position shall be kept. Such form shall be serially numbered and managed by designated personnel.
A securities firm hires new employee shall request him to sign a non-disclosure undertaking on customer data.
In the event of movement or departure of an employee of the securities firm, his identification code shall be canceled and his access pass and related credentials shall be retrieved.
These Directions shall take effect after having been submitted to and approved by the competent authority. Subsequent amendments thereto shall be effected in the same manner.