China Minsheng Bank’s Policy System for Management of Customer Information Security

China Minsheng Bank strictly abides by the requirements of relevant laws and regulations such as the Civil Code of the People's Republic of China and the Personal Information Protection Law of the People's Republic of China, and has formulated the Measures on Management of Customer Information Security of China Minsheng Bank (the Measures) and the Implementation Rules for Management of Customer Information Security of China Minsheng Bank (the Rules). These clarified the overall security requirements for each stage of the full life-cycle of customer information, further strengthened the security management of customer information, and comprehensively guaranteed customer information security while promoting business development.

I. Background of the Policy

China Minsheng Bank attaches great importance to the establishment and improvement of the mechanism for the management of customer information security. For this purpose, the Bank strengthened management across the whole bank, improved the standardization level of management, enhanced the awareness of employees, and prevented the security risk of customer information leakage.

II. Main Contents of the Policy

The Measures and the Rules put forward the security management principles of clear purposes, informed consent, minimum and sufficient information, full control of the entire process, and traceable and reviewable operation records. They clarified the division of responsibilities of various departments and established the classification and grading standards for customer information. The full life-cycle of customer information is divided into the stages of collection, transmission, storage, use, deletion and destruction. Overall security requirements and specific security control measures are put forward for each stage. The reporting, handling and evaluation processes for customer information security incidents, and the corresponding requirements, are stipulated. Employees in customer information processing positions are required to sign confidentiality agreements, perform confidentiality obligations, and regularly receive professional training on customer information protection to ensure that they are familiar with customer information protection strategies and procedures.

III. Implementation of the Policy

China Minsheng Bank strictly implements policies and requirements related to customer information and data security, and seriously investigates violations of relevant regulations and disciplines and strictly applies disciplinary measures to them. For suspected crimes, responsible persons shall be transferred to judicial authorities for further investigation of their legal and economic liabilities in accordance with the law.