To win the trust of the public and win support for the sustained development of JCIC, we have been rigorously following the legal procedures for collection and use of credit information and protecting personal privacy. While we consider expanding the scope of data collection, we must simultaneously shore up the foundation for data protection in business operation and management. Our efforts at data protection include:
Stepping up member compliance with Article 12 of the JCIC Membership Rules. When a member makes a credit inquiry, there must be a specific purpose, that is, the inquiry is made based on an agreement with the principal, a like-kind contractual relationship, or a written consent of the principal. The aforesaid requirement is set forth in compliance with the confidentiality clauses in the Computer Processed Personal Data Protection Act and the Banking Act. Thus it applies to all inquiries about both personal and corporate data, unless the information is already made public or otherwise provided by law. In the implementation of this rule, we have completed the reason-for-inquiry check mechanism, which serves as a reminder beforehand and allows checking afterwards. It also aids members’ internal and external supervision.
The credit data obtained by members from JCIC are strictly for internal reference only. Unless it is otherwise provided for by law or agreed by the principal in writing, inquired data may not be made public or transferred to others. To prevent the improper use of personal credit data, credit information provided by JCIC can only be used by members for the reference of their credit operation or other legally registered operations, and should not be used as the sole basis for approving or denying financial dealings with the principal.
Augmenting the security audit of the credit information inquiry operation of members. To effectively control members’ security operation for the inquiry and use of credit information from JCIC, we have put into effect concrete measures, including self-audit by members, on-site audit, assigned audit, and matching analysis. The outcome of these control measures will be included in the calculation of member rewards as material encouragement of the efforts put forth by members in information security management and maintaining the quality of reported data. We also mete out disciplinary actions against violating members based on the severity of the offence.
We continue to uphold the basic rights of the data principals provided for in Article 4 of the Computer Processed Personal Data Protection Act that allows them to inquire, browse, copy, supplement and correct their credit data. We implement a rigorous check mechanism for credit report applications, including requiring two IDs to prevent the use of a fake identity; when a principal applies to supplement or correct data, we require the presentation of IDs and verify them with the reporting institution before making the correction, to protect the rights of principals.
We beef up our internal control system and information security management system on a continual basis.
We continue to study local and foreign regulations regarding personal data protection, and produce study reports on the possible effect of the amendment of the Computer Processed Personal Data Protection Act on our operations.