D Internal Procedures

1. Employee Practices and Procedures

The statutory obligation on all DFSA employees, agents and independent contractors to keep all confidential information confidential is further reinforced by requiring:

•  all DFSA employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause; and
•  all DFSA employees to abide by a Code of Values and Ethics which requires them to comply with their statutory obligations, including the confidentiality obligations under the Regulatory Law

2. Physical Management of Confidential Information

The entire DFSA offices occupy a restricted space accessible only through the use of electronic identification cards.

The DFSA has adopted best practice electronic and paper document control systems that monitor and audit the use of confidential information.

To ensure the confidentiality obligations in the Regulatory and Data Protection Law are met, the DFSA has developed policies concerning the physical management of information by employees in discharging their licensing, supervisory and other regulatory functions. The policies also prescribe procedures regarding information technology security, restricted electronic information access, physical perimeter security, securing evidence, receiving and receipting documentation and designating sensitivity classifications of information.

When the DFSA receives confidential information pursuant to its statutory powers under the Regulatory Law to compel production of information and documents, the documents are processed according to prescribed procedures. These procedures include processes for the manual and electronic receipt, storage and return of confidential information and documents in and from an Evidence Management Facility purpose built to secure confidential information. Only limited nominated staff have access to the restricted area and the compelled documents while they remain in the custody of the DFSA.

30 January 2006