Article 14
Confidentiality
1.
An application for registration as a trade repository shall contain the internal policies, procedures and mechanisms preventing any use of information maintained in the applicant trade repository:
(a)
for illegitimate purposes;
(b)
for disclosure of confidential information;
(c)
not permitted for commercial use.
2.
The internal policies, procedures and mechanisms shall include the internal procedures on the staff permissions for using passwords to access the data, specifying the staff purpose, the scope of data being viewed and any restrictions on the use of data, as well as detailed information on any mechanisms and controls in place to effectively manage potential cyber-risks and to protect the data maintained from cyber-attacks.
3.
Applicants shall provide ESMA with information on the processes to keep a log identifying each staff member accessing the data, the time of access, the nature of data accessed and the purpose.