CNEN
ESG Report Questionnaire

Governance

Trust

SDGs

Customer Privacy and Security

SKS places great importance on the protection of customer data. In accordance with the Personal Data Protection Act and related regulations, the Company has established a comprehensive personal data protection framework. This includes the Personal Data File Security Maintenance Plan and Post-Termination Data Handling Policy, which clearly outlines the responsibilities and obligations of employees when handling personal data. These measures are publicly available on the Company's website to ensure that customers are fully informed of their rights and protections. If a customer suspects a potential data breach, they can report it through the customer service center, through email via the corporate website, or at any regional business office. The receiving unit will notify relevant departments in accordance with the operational risk event reporting procedure to determine whether a personal data breach has occurred. If confirmed, the case will be handled and reported in accordance with the Personal Data File Security Maintenance Plan and Post-Termination Data Handling Policy.

Personal Data Protection Operating Results in 2024
Personal Data Response Team

Regularly review the appropriateness of regulations related to personal data protection and management

Improve information security regulations

Establish the "Personal Data File Security Maintenance Plan and Post-Termination Data Handling Policy" and the "Personal Data Security Management Measures" to ensure the security and proper management of personal data, thereby preventing theft, alteration, destruction, or leakage.

Data Inventory & Risk Assessment

Each department conducts annual operations to ensure that all personal data held by the company is obtained legally and protected with appropriate measures.

Management Audits

The Audit Office conducts audits at least semi-annually to ensure the effectiveness of the personal data protection management system.

Internal Awareness Campaigns

Periodic communications on personal data protection laws are provided to all employees.

Prevent personal data breaches

All vendors involved in outsourced operations with potential access to personal data are required to sign a "Personal Data Protection Undertaking."

Education and training

Since 2011, personal data protection-related education programs have been arranged for all levels of management and employees. Since 2016, regulations and case studies related to the Personal Data Protection Act have been included in new employee training.

Educational Training for Personal Data Protection and Compliance
2024 Company-wide (including branch company)
Training Target
Head office personnel
Training Hours (hr/ppl)
1
NO. of Participants (ppl)
1361
Attendance rate (%)
100
Note:

In 2024, comprehensive staff training was conducted through a hybrid approach combining in-person and online courses to ensure all personnel have a fundamental understanding of personal data protection and compliance education.

Work Plan for 2024
  • Continue to strengthen employees' personal data protection training and awareness to prevent data breaches.
  • Continuously enhance the current personal data protection framework in response to regulatory updates and business development needs.