12. Information Management in the DFSA

12.1 The statutory obligation on all DFSA employees, agents and independent contractors to maintain confidentiality of information is further reinforced by requiring:

(a) all DFSA employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause in which they irrevocably agree that during the course of their employment, and thereafter, they shall not communicate any information that might be of a confidential or proprietary nature; and
(b) all DFSA employees to abide by a Code of Values and Ethics which requires them to comply with their statutory obligations, including the confidentiality obligations under the Regulatory Law.

12.2 The DFSA has also adopted physical measures for management of confidential information, such as:

(a) restricted working space accessible only through the use of electronic identification cards; and
(b) best practice electronic and paper document control systems that monitor and audit the use of confidential information.

12.3 To ensure the confidentiality obligations in the Regulatory Law and Data Protection Law are met, the DFSA has developed policies concerning the physical management of information by employees in discharging their licensing, supervisory and other regulatory functions. The policies also prescribe procedures regarding information technology security, restricted electronic information access, physical perimeter security, securing evidence, receiving and receipting documentation and designating sensitivity classifications of information.

12.4 When the DFSA receives confidential information pursuant to its statutory powers under the Regulatory Law to compel production of information and documents, the documents are processed according to prescribed procedures. These procedures include processes for the manual and electronic receipt, storage, retrieval and return of confidential information and documents in and from an Evidence Management Facility purpose built to secure confidential information. Only limited nominated staff have access to the restricted area and the compelled documents while they remain in the custody of the DFSA.

Example: The DFSA provides receipts to authorised entities for any documents forwarded to the DFSA or which the DFSA removes during the course of an onsite inspection or visit.