INFORMATION PRIVACY PROTECTION POLICY
1.1 Dara Insurance Plc (Company) holds and possesses confidential and personal information on private individuals, employees, business partners and suppliers as well as information relating to its own operations.
1.2 In line with its commitment to safeguard and prevent the misuse of such information, the Company is implementing the Information Privacy Protection Policy (the Policy) to spell out the guidelines for staff in accessing and processing information in the course of their duties.
2.1 The objective of this Policy is to set out a framework to:
i) Protect the Company’s information from possible threats whether internal or external, deliberate or accidental.
ii) Enable secure information sharing.
iii) Ensure all staff are aware of their roles and responsibilities in managing and protecting the confidentiality and integrity of the information they handle.
iv) Protect the Company from legal liability due to inappropriate use of its information.
v) Comply with applicable laws and regulations in Cambodia.
3.1 The Policy applies to all staff of the Company.
3.2 The Policy covers all forms of information including but not limited to:
i) Speech, conversation whether spoken face to face or communicated by phone.
ii) Hard copy data printed or written.
iii) Information stored in manual filing system.
iv) Information communicated via post/courier, fax, electronic email.
v) Data stored and processed via servers, personal computers, laptops, mobile phones, PDAs.
vi) Data stored on all types of removable media, CDs, DVDs, tape, USB, memory sticks, digital cameras etc.
4.1 The following spell out the responsibilities of all staff:
i) Legitimate Access
Staff may only access information needed to perform their legitimate duties.
ii) Prohibited Activities
Staff may not in any way misuse, divulge, copy, release, sell, loan, alter or destroy any information unless authorized to do so within the scope of their professional activities.
iii) Responsibilities and Obligations
a) Staff must protect the confidentiality, integrity and availability of the Company’s information wherever the information is located e.g held on physical document, stored on computer media, communicated over voice or data networks, exchanged in conversation etc.
b) Staff must destroy or render unusable any confidential information contained in any physical documents e.g memorandum, reports, micro film or any electronic, magnetic or optional storage medium (e.g SD cards, USB key, CD, hard disk, magnetic tape, diskette etc) before it is discarded.
c) Staff must report any suspicious activities that may compromise the Company’s sensitive information.
d) Staff obligation to protect sensitive information continues after leaving the service of the Company.
iv) Compliance with applicable laws/regulations/contractual obligations/Company’s policies
In the course of carrying out their duties inclusive of accessing and processing information, staff must ensure due compliance not only with this Policy but with all applicable laws and regulations, contractual obligations/service undertaking as well as the Company’s other prevailing policies.
- Policy Violation
5.1 A staff found to have violated this Policy will be liable to disciplinary action, up to and including termination of employment and/or referral to law enforcement agencies for civil and/or criminal action, where appropriate.
6.1 This Policy is subject to review from time to time.
6.2 Any such review shall be made known to staff in writing.
- Effective Date
7.1 The effective date of this Policy is 26 January 2019.