CIS and its members must abide by a large number of laws and regulations. These include the Code of Conduct for the Processing of Personal Data by Financial Institutions and the Protocol in respect of the Incident Warning System for Financial Institutions. 

These guidelines were published by the financial institutions’ industry associations and have been evaluated by the Data Protection Authority. CIS has incorporated these guidelines into its own CIS User Protocol and CIS Privacy Regulations for the use of the CIS database. 

These documents contain rules governing the processing of personal data for both CIS, its members and the person registered.

The CIS Privacy Regulations apply to all processing in connection with the CIS database. It covers historical and current data in the specified categories of persons and how the information can be used by CIS members. 

The Privacy Regulations regulate the kinds of data that can be processed and consulted. They also specify for what purposes the information can be processed, how long records can be kept, and so on.