IPv6 Enabled
Your location: Home > CMBC Today > ESG > ESG Information


China Minsheng Bank Strengthens Data Security Management

#Consumer Financial Protection# #Privacy & Data Security#

China Minsheng Bank strictly abides by the requirements of laws and regulations in relation to data security, such as the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China and the Personal Information Protection Law of the People's Republic of China, and has formulated the policies of the Administrative measures on Data Classification and Grading of China Minsheng Bank and the Administrative Measures on Data Security of China Minsheng Bank, with the view of improving the data security management system, adhering to the goal of strengthening privacy and data protection, strictly observing the legal compliance bottom line of data security, and helping the implementation of the strategy of “becoming a bank of digital finance” .

China Minsheng Bank has further promoted full life-cycle data security management, practiced the corporate culture of “customer-centric” philosophy, established the framework and detailed standards for data classification and grading, which followed the five principles of “clear purpose, informed consent, minimum and sufficient information, full control of entire process and traceable and reviewable operation records” . The Bank has developed an organizational structure of data security management formed by the IT Department, the Data Management Department, the Legal Affairs and Compliance Department and the Consumer Rights Protection Department of the Head Office, and clarified the Full life-cycle security management strategies for data collection, storage, transmission, deletion and destruction, in an aim to implement the security management of data classification and grading, comprehensively improve the security protection capability of data activities, and prevent from data security risks.

In view of the major contents of customers’ financial data collection, including authorization and consent, privacy policy, approval, authorization and encryption of data transmission, compliance and confidentiality of data storage, display desensitization, access control, processing of data usage, data deletion and destruction, China Minsheng Bank has established a closed-loop security management mechanism for the full life-cycle of data. Through data security compliance improvement of information system, the Bank carried out training on laws, regulations and awareness related to data security for all employees, effectively protected customer information security, and met the compliance requirements of data security.

China Minsheng Bank strictly enforces and implements the compliance requirements of laws and regulations related to data security and regulatory specifications, seriously investigates and strictly exercises disciplinary measures on violations of relevant regulations and disciplines. For suspected crimes, responsible persons shall be transferred to judicial authorities.