Article 22 (Confidentiality and Integrity of Transmission and Safety of Data Storage)
- A core system shall adopt an encrypted transmission mechanism for the transmission of personal or classified data through the Internet, so as to prevent unauthorized disclosure of the information or to detect any alteration of it in transit.
- It is advisable for a core system of a type 1 organization to adopt an encrypted transmission mechanism for the transmission of personal or classified data through the Intranet.
- No such encryption as described in the preceding two paragraphs is necessary if physical protective measures are available as substitutes in the course of transmission.
- In the event of the international transmission of classified data, an organization shall develop an encrypted transmission mechanism and confirm the compliance of the collection, processing, use, international transmission, and control of client information by an entrusted institution (the head office or an overseas subsidiary to which a foreign organization outsources information processing offshore due to division of work) with the applicable provisions of the Personal Data Protection Act of the R.O.C. Authorization from the subject shall be obtained prior to transmission. No restriction of a competent authority on international transmission may be violated. Complete audit records shall be kept.
- The encryption referred to above shall use algorithms that are publicly disclosed, certified by international institutions, and not known to have been broken.
- Encryption keys or certificates shall be replaced periodically.
- It is advisable for an encryption mechanism to support the maximum key length that the algorithm allows.
- It is advisable that regulations be set forth and necessary safety protection measures be implemented for the safekeeping of the keys held on the server side of an encryption system.
- Important files of configuration settings and other information requiring protection that are contained in a core system of a type 1 organization shall be encrypted or otherwise appropriately stored.
- Encryption and decryption programs, as well as general-purpose utility programs (such as database tools), shall be subject to control, with restrictions on their use to prevent unauthorized access and with audit trails kept.