Information Security and Personal Data Protection | Realizing Sustainability Governance | Common Good | Shin Kong Life Sustainability
Information Security and Personal Data Protection
Information Security Organization
Shin Kong Life Insurance has made a commitment to the protection of customers, and continues to promote the culture of information security. The Company established a dedicated information security unit with independent authority that is responsible for planning, monitoring, and implementing information security management. The Company further appointed a Chief Information Security Officer in September 2021 to oversee policy implementation and resource allocation, significantly improving execution ability for information security and personal data protection issues.
SKL has established the "Information Security Committee". The President serves as the convener, the Chief Information Security Officer serves as the deputy convener, and the top-level managers of each jurisdiction are the members, directly supervising information security and personal data protection policies through management. SKL has also established the "Information Security and Personal Data Protection Division" task force, with the Chief Information Security Officer taking the lead in planning, coordinating, and promoting information security management strategies from top to bottom. Meetings are held once a quarter and may be held separately as needed. In 2023, a total of 4 Information Security Committee meetings and 4 Information Security and Personal Data Protection Division meetings were held to ensure effective communication and coordination on information security and personal data protection issues, and their implementation.
Board of Directors
Personal Data Protection Policy
Information Security Management Policy
Information Security Assessment Plan
Annual Information Security Implementation Status
Information Security Committee
Information Security and Personal Data Protection Promotion Team
Information Security Action Plan
- Bolstering information security management
- Strengthening talent cultivation
- Customer data protection
- Major scenario simulation drills
- Information security monitoring and joint protection mechanism
Information Security Incident Informimg and Handling Mechanism
SKL has established the "Emergency Reporting Regulations", "Guidelines for Information Security Incident Reporting and Response Management", "Guidelines for Response to Personal Information Breaches", etc. In the event of a data security incident or personal information breach, the Company shall follow the relevant procedures for reporting. In addition, in order to ensure the complete protection of information systems and information security management, black box penetration testing, service interruption attack drills, etc. are conducted annually, and professional institutions are commissioned to conduct overall information security assessment to strengthen the information security level. There were no urgent incidents related to information security attacks or personal data breaches in 2023, and there were no complaints from the competent authorities or verified violations of customer privacy from external sources.
SDGs
