Skip to main content
Entire section Custom print Text Only Rich Text Print

6.1.4 Sharing with Authorized Agents

C 8/2020 STA Effective from 25/12/2020
  1. 6.1.4.1Licensed Financial Institutions must ensure that any Authorized Agent to whom some part or the entire delivery of the Financial Product and/or Service is outsourced meet the fit and proper policy regarding Data management and protection including secure handling procedures and applying proper controls.
  2. 6.1.4.2Licensed Financial Institutions must ensure that access to a Consumer’s Personal Data by Authorized Agents is properly authorized in Writing by the Licensed Financial Institution, regularly monitored, and appropriately restricted in line with the purpose of the access given. All legal contracts with Authorized Agents relating to the Outsourcing of functions and services must include appropriate provisions for safeguarding confidentiality of Personal Data and must prohibit the unauthorized disclosure of confidential Personal Data by Authorized Agents. The Authorized Agents must report to the Licensed Financial Institutions Data Management and Protection function significant breaches of Personal Data. The Licensed Financial Institution’s obligation to protect all Consumer Data extends to the actions of all Authorized Agents.
  3. 6.1.4.3Where Personal Data is shared and retained outside of a Licensed Financial Institution’s own network such as with Authorized Agents, Licensed Financial Institutions and Authorized Agents must use encryption techniques to suitably encrypt Consumer Data and take measures for the secure transfer of Data.
  4. 6.1.4.4Licensed Financial Institutions are responsible for ensuring any outsourced technology using or retaining Personal Data meets the highest standards of security, encryption and protection and are regularly audited and verified for vulnerabilities.
  5. 6.1.4.5In the event of a termination of an Outsourcing contract with a Third Party, Licensed Financial Institutions must ensure and be able to demonstrate that all Personal Data is either retrieved from the Third Party and/ or is destroyed.
  6. 6.1.4.6Where the Consumer provided expressed consent to the Licensed Financial Institution for sharing Data to a Third Party, the Licensed Financial Institution must confirm in any contract with a Third Party that the Third Party has no further right to share the Data or use it for other unauthorized purposes unless required by the laws in UAE.