SWIFT has decided to enhance its contractual documentation and to improve transparency with respect to the processing of message and traffic data. In doing so, SWIFT has been assisted by a working group of data protection and compliance experts from European and non-European SWIFT users.
The results from this work are published below.
The SWIFT Data Retrieval Policy sets out SWIFT’s policy on the retrieval, use, and disclosure of traffic and message data. This policy existed already, but has been enhanced to provide additional transparency.
The SWIFT Personal Data Protection Policy sets out the roles and responsibilities of SWIFT, the SWIFT community, and its customers with regard to the processing of personal data. Such roles and responsibilities were previously governed by the SWIFT General Terms and Conditions and other contractual documents, and are now consolidated in one single policy.
The SWIFT Safe Harbor Policy provides an adequate level of protection for SWIFT’s mirroring of data in its US Operating Centre. This policy specifically covers personal data contained in message data that relate to individuals resident of European Economic Area (“EEA”) Member States or from Switzerland or that are sent by SWIFT customers established in one of the EEA Member States or Switzerland
This document answers the most frequently asked questions on SWIFT’s data processing activities and related data protection matters.
The SWIFT Security Control Policy, to which some of these documents refer, can be found here.
The SWIFT General Terms and Conditions, to which some of these documents refer, can be found here.